updatemelondrea.exe

melondrea

updatemelondrea.exe is the updater component of melondrea, a Yontoo web browser plugin that delivers advertisements to the browser as injected banners, text links, popups and similar. The updater keeps the extension current by downloading new functionality, which is enabled by default without asking the user. It runs as a standalone Windows service (in its own process) named "Update melondrea". The file is typically installed with the program melondrea by Yontoo Technology, Inc., a potentially unwanted program, and has been classified as adware by 1 of 68 anti-malware scanners (a heuristic detection, Adware.Yontoo.melondrea).
Publisher:
melondrea  (signed and verified)

Version:
1.0.5225.27373

MD5:
302b5eda61ff3777191856b537bdd5f8

SHA-1:
ee104ea99e6e2847fc48f5c112fd2bb7b04d3ffd

SHA-256:
b23b0b766569d0539f7d6c0662744c5d2ae1503ecbd11974b2efe09b5eb06da5

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Part of the Yontoo adware web browser extension update process.

Analysis date:
4/26/2024 12:02:13 AM UTC

Scan engine          Detection                      Engine version
Reason Heuristics    Adware.Yontoo.melondrea (M)    16.2.3.23

File size:
342.3 KB (350,496 bytes)

Product version:
1.0.5225.27373

Original file name:
melondrea.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\melondrea\updatemelondrea.exe

Digital Signature
Signed by:
melondrea
Authority:
VeriSign, Inc.

Valid from:
11/26/2013 10:00:00 PM

Valid to:
11/27/2014 9:59:59 PM

Subject:
CN=melondrea, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=melondrea, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1E3D0BA5A8E3C43BCD552347B3BB8B2B

File PE Metadata
Compilation timestamp:
4/22/2014 1:12:40 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:qrS5C46u10miYYIvL41+WvMeVzN+5qNtHVrcVyqeF6IgShCI+bAry8ckbE+LYX:qrS5tjlHmgShCI+0O8hYX

Entry address:
0x55566

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
333.5 KB (341,504 bytes)
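The PE metadata fields above (compile timestamp, OS and linker versions, subsystem, entry bytes, CLR dependency) all come straight out of the image headers. The following parser, added here as an example and not code from the page or from Yontoo, reads them from raw bytes and explains the entry point shown: FF 25 is an indirect jmp through an IAT slot, the stub every .NET PE32 executable starts with, which is why the remaining entry bytes are zero. The sample image is constructed inline with the record's values (i386, linker 8.0, OS 4.0, console subsystem, CLR directory present); the compile timestamp is treated as UTC, which the record does not state, and the entry RVA and section layout are assumptions, not the real file's.

```python
"""Derive the "File PE Metadata" fields of a triage record from raw image
bytes.  Added example; the sample PE is constructed inline, not the file
described on the page."""
import struct
from datetime import datetime, timezone

IMAGE_DOS_SIGNATURE = 0x5A4D           # "MZ"
IMAGE_NT_SIGNATURE = 0x00004550        # "PE\0\0"
MACHINE_NAMES = {0x14C: "Win32", 0x8664: "x64"}
SUBSYSTEM_NAMES = {2: "Windows GUI", 3: "Windows Console"}
CLR_DIRECTORY_INDEX = 14               # IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR


def describe_entry_stub(entry_bytes: bytes, image_base: int) -> str:
    """Decode the 6-byte 'FF 25 disp32' stub a .NET PE32 uses as its native
    entry point: an indirect jmp through an IAT slot (mscoree!_CorExeMain)."""
    if len(entry_bytes) == 6 and entry_bytes[:2] == b"\xff\x25":
        target = struct.unpack("<I", entry_bytes[2:])[0]
        return f"jmp dword ptr [0x{target:08X}] (IAT RVA 0x{target - image_base:X})"
    return "not an FF 25 indirect-jmp stub"


def pe_metadata(data: bytes) -> dict:
    """Parse DOS header, IMAGE_FILE_HEADER, optional header and section table."""
    if struct.unpack_from("<H", data, 0)[0] != IMAGE_DOS_SIGNATURE:
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if struct.unpack_from("<I", data, e_lfanew)[0] != IMAGE_NT_SIGNATURE:
        raise ValueError("missing PE signature")
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)                    # IMAGE_FILE_HEADER
    opt = e_lfanew + 24                                    # optional header
    magic, linker_major, linker_minor = struct.unpack_from("<HBB", data, opt)
    pe32plus = magic == 0x20B
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    image_base = struct.unpack_from("<Q" if pe32plus else "<I", data,
                                    opt + (24 if pe32plus else 28))[0]
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    # Data directories start at +96 (PE32) or +112 (PE32+); entry 14 is the
    # CLR runtime header, so a non-zero size means the image needs the .NET CLR.
    dirs = opt + (112 if pe32plus else 96)
    _clr_rva, clr_size = struct.unpack_from("<II", data, dirs + 8 * CLR_DIRECTORY_INDEX)
    # Map the entry RVA to a file offset through the section table.
    entry_bytes = b""
    sect = opt + opt_size
    for i in range(nsections):
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, sect + 40 * i + 8)
        if vaddr <= entry_rva < vaddr + max(vsize, rawsize):
            off = rawptr + (entry_rva - vaddr)
            entry_bytes = data[off:off + 6]
            break
    return {
        "bitness": MACHINE_NAMES.get(machine, hex(machine)),
        "compiled": datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC"),
        "os_version": f"{os_major}.{os_minor}",
        "linker_version": f"{linker_major}.{linker_minor}",
        "subsystem": SUBSYSTEM_NAMES.get(subsystem, str(subsystem)),
        "entry_rva": entry_rva,
        "entry_bytes": entry_bytes.hex(" ").upper(),
        "entry_stub": describe_entry_stub(entry_bytes, image_base),
        "clr_dependent": clr_size != 0,
    }


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 mirroring the record's header values (assumed
    layout: one .text section at RVA 0x2000, entry stub at RVA 0x2010)."""
    dos = bytearray(0x80)
    struct.pack_into("<H", dos, 0, IMAGE_DOS_SIGNATURE)
    struct.pack_into("<I", dos, 0x3C, 0x80)                        # e_lfanew
    ts = int(datetime(2014, 4, 22, 13, 12, 40, tzinfo=timezone.utc).timestamp())
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 1, ts, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<HBB", opt, 0, 0x10B, 8, 0)                  # PE32, linker 8.0
    struct.pack_into("<I", opt, 16, 0x2010)                        # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)                      # ImageBase
    struct.pack_into("<II", opt, 32, 0x2000, 0x200)                # section/file alignment
    struct.pack_into("<HH", opt, 40, 4, 0)                         # OS version 4.0
    struct.pack_into("<HH", opt, 48, 4, 0)                         # subsystem version
    struct.pack_into("<II", opt, 56, 0x4000, 0x200)                # SizeOfImage, SizeOfHeaders
    struct.pack_into("<H", opt, 68, 3)                             # Windows Console
    struct.pack_into("<I", opt, 92, 16)                            # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * CLR_DIRECTORY_INDEX, 0x2008, 0x48)  # CLR header
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x2000, 0x200, 0x200,
                       0, 0, 0, 0, 0x60000020)
    headers = (bytes(dos) + b"PE\0\0" + file_hdr + bytes(opt) + sect).ljust(0x200, b"\0")
    text = bytearray(0x200)
    text[0x10:0x16] = bytes.fromhex("FF25 0020 4000")              # jmp dword ptr [0x402000]
    return headers + bytes(text)


if __name__ == "__main__":
    for key, value in pe_metadata(build_sample_pe()).items():
        print(f"{key}: {value}")
```

Run against a real file with `pe_metadata(open(path, "rb").read())`; the same header offsets apply to any PE32 or PE32+ image. Note that the compile timestamp is attacker-controlled data and is trivially forged, so treat it as context rather than evidence.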

Service
Display name:
Update melondrea

Type:
Win32OwnProcess


The file updatemelondrea.exe has been discovered within the following programs.

melondrea  by Yontoo Technology, Inc.
This adware program injects advertisements from its affiliate ad providers in order to serve a number of ad types, including banners, inline text links and popups.
melondrea.net/support

The executing file has been seen to make the following network communications in live environments. The akamaitechnologies.com host is a shared Akamai CDN node, so a connection to it is a weak indicator on its own; the two intelignet.com.br hosts are the more specific indicators.

TCP (HTTP):
Connects to 200-157-208-251.ded.intelignet.com.br  (200.157.208.251:80)

TCP (HTTP):
Connects to a201-016-134-136.deploy.akamaitechnologies.com  (201.16.134.136:80)

TCP (HTTP):
Connects to 200-157-208-233.ded.intelignet.com.br  (200.157.208.233:80)
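The hashes and network destinations listed in this record are the indicators a responder would actually sweep for. The script below, added here as an example and not code from the page or from Reason Core Security, carries those indicators with a confidence level per destination (the Akamai CDN node rated low, the dedicated hosts high), matches file digests against the listed hashes, and runs the network indicators over proxy log lines. The log lines and their `timestamp source destination:port hostname` layout are constructed for the example and are not from any real log.

```python
"""Sweep proxy logs and file digests for the indicators in this record.
Added example; the sample log lines below are constructed, not real data."""
import hashlib
import re
from dataclasses import dataclass

# File hashes as listed in the record.
FILE_HASHES = {
    "md5": "302b5eda61ff3777191856b537bdd5f8",
    "sha1": "ee104ea99e6e2847fc48f5c112fd2bb7b04d3ffd",
    "sha256": "b23b0b766569d0539f7d6c0662744c5d2ae1503ecbd11974b2efe09b5eb06da5",
}

# Network destinations as listed, with a confidence level: the Akamai node is
# shared CDN infrastructure, so on its own it is only a weak indicator.
NETWORK_IOCS = {
    "200.157.208.251": "high",
    "200.157.208.233": "high",
    "200-157-208-251.ded.intelignet.com.br": "high",
    "200-157-208-233.ded.intelignet.com.br": "high",
    "201.16.134.136": "low",
    "a201-016-134-136.deploy.akamaitechnologies.com": "low",
}

# Constructed log format (assumption): timestamp, source, destination:port, hostname.
LOG_LINE = re.compile(r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<dst>\S+):(?P<port>\d+)\s+(?P<host>\S+)$")

SAMPLE_LOG = """\
2024-04-26T00:01:02Z 10.0.0.5 200.157.208.251:80 200-157-208-251.DED.intelignet.com.br.
2024-04-26T00:01:05Z 10.0.0.5 201.16.134.136:80 a201-016-134-136.deploy.akamaitechnologies.com
2024-04-26T00:01:09Z 10.0.0.7 93.184.216.34:443 example.com
2024-04-26T00:01:12Z 10.0.0.9 200.157.208.233:80 -
this line is not in the expected format
"""


@dataclass
class Hit:
    ts: str
    src: str
    indicator: str
    confidence: str


def hash_file_bytes(data: bytes) -> dict:
    """Compute the three digests the record lists for a file's contents."""
    return {algo: getattr(hashlib, algo)(data).hexdigest() for algo in FILE_HASHES}


def match_hashes(digests: dict) -> list:
    """Return the names of the algorithms whose digest equals the listed value."""
    return sorted(a for a, v in digests.items()
                  if a in FILE_HASHES and v.lower() == FILE_HASHES[a])


def normalize_host(host: str) -> str:
    """Lower-case and strip a trailing dot so 'HOST.example.' matches 'host.example'."""
    return host.rstrip(".").lower()


def scan_log(lines) -> list:
    """Match each parsable line on hostname first, then destination IP."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # malformed line: skip rather than abort the sweep
        for key in (normalize_host(m["host"]), m["dst"]):
            confidence = NETWORK_IOCS.get(key)
            if confidence:
                hits.append(Hit(m["ts"], m["src"], key, confidence))
                break
    return hits


def infected_clients(hits) -> dict:
    """Collapse hits to one confidence per source, keeping the strongest."""
    rank = {"low": 1, "high": 2}
    best = {}
    for h in hits:
        if rank[h.confidence] > rank.get(best.get(h.src), 0):
            best[h.src] = h.confidence
    return best


if __name__ == "__main__":
    for h in scan_log(SAMPLE_LOG.splitlines()):
        print(f"{h.ts} {h.src} -> {h.indicator} [{h.confidence}]")
    print(infected_clients(scan_log(SAMPLE_LOG.splitlines())))
```

A client that only ever reached the Akamai node stays at "low" and should be corroborated by a file-hash or service-name check on the host before it is treated as infected.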
