updatemelondrea.exe.vir

melondrea

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads into the browser. The file updatemelondrea.exe.vir by melondrea has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. This file is typically installed with the program melondrea by Yontoo Technology, Inc., which is a potentially unwanted software program.
Publisher:
melondrea  (signed and verified)

Version:
1.0.5233.25170

MD5:
6902141dbc1583c962f5139c117bd3dc

SHA-1:
bae89b0640336df52a828dac75658c4532914d39

SHA-256:
07997c4a1cf96801ce6c37baa64d2597c1848b0f1135aafaf15fe9206cc92bef

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Belongs to the Sambreel/Yontoo program that inserts various forms of advertising in the user's web browser, installed with minimal or no user consent.

Analysis date:
4/25/2024 1:21:32 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Yontoo.melondrea (M)

Engine version:
16.2.5.15

File size:
309.3 KB (316,704 bytes)

Product version:
1.0.5233.25170

Original file name:
melondrea.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
11/26/2013 6:00:00 PM

Valid to:
11/27/2014 5:59:59 PM

Subject:
CN=melondrea, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=melondrea, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1E3D0BA5A8E3C43BCD552347B3BB8B2B

File PE Metadata
Compilation timestamp:
4/30/2014 9:59:15 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:GXBn8WLq9vazzkbwGHYXd9Js2FF8VIvhBfb9o5d:GXB3Lyazzb1sUKyvC

Entry address:
0x4D10A

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
300.5 KB (307,712 bytes)

The file updatemelondrea.exe.vir has been discovered within the following program.

melondrea  by Yontoo Technology, Inc.
This adware program injects advertisements with its affiliate ad providers in order to serve a number of ad types including banner, inline text links and popups.
melondrea.net/support
81% remove it
 