updatenorpalla.exe

Norpalla

Part of the Yontoo web browser plugin (which delivers advertisements to the web browser in the form of injected banners, text links, popups, etc.), the updater mechanism for Norpalla automatically keeps the extension patched by downloading new functionality, which is auto-enabled by default. The application updatenorpalla.exe by Norpalla has been detected as adware by 8 anti-malware scanners. It runs as a separate Windows service (within the context of its own process) named “Update Norpalla”. This file is typically installed with the program Norpalla by Yontoo Technology, Inc., which is a potentially unwanted software program. It plugs into the web browser and displays context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
Norpalla  (signed and verified)

Version:
1.0.5322.28986

MD5:
115ef6464deb8c76bce31586533fa5f2

SHA-1:
0254596f850182ecd1f6e445815c8ea3f261f21e

SHA-256:
7751150cab30e8b307b213a6d92f7b99b2cca8edc3bf2db93f101ddef3071977

Scanner detections:
8 / 68

Status:
Adware

Explanation:
Part of the Yontoo adware web browser extension update process.

Analysis date:
4/18/2024 5:25:50 PM UTC

Scan engine              Detection                    Engine version
AVG                      Norpalla                     2015.0.3398
Baidu Antivirus          Adware.Win32.BrowseFox       4.0.3.14729
ESET NOD32               Win32/BrowseFox (variant)    8.10173
IKARUS anti.virus        PUA.BrowseFox                t3scan.1.6.1.0
Malwarebytes             PUP.Optional.Norpalla.A      v2014.07.29.11
Reason Heuristics        Adware.Yontoo.Norpalla.O     14.7.29.23
Trend Micro House Call   Suspicious_GEN.F47V0729      7.2.210
VIPRE Antivirus          Trojan.Win32.Generic         31732

File size:
314.3 KB (321,824 bytes)

Product version:
1.0.5322.28986

Original file name:
Norpalla.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\norpalla\updatenorpalla.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
2/4/2014 3:00:00 AM

Valid to:
2/5/2015 2:59:59 AM

Subject:
CN=Norpalla, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Norpalla, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3CF8FDC7B1329843A9D5EE18CBB6A945

File PE Metadata
Compilation timestamp:
7/28/2014 8:06:26 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:jgcBn80cLO/hzJXk1CL2S0mqwObMs7ZVam5uvypb8RLv:jgcBxcLGzJnWxDSq+Rz

Entry address:
0x4E59A

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 10, 00, 00, 00, 20, 00, 00, 80, 18, 00...
 

Entropy:
6.0918

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
305.5 KB (312,832 bytes)

Service
Display name:
Update Norpalla

Type:
Win32OwnProcess


The file updatenorpalla.exe has been discovered within the following programs.

Norpalla  by Yontoo Technology, Inc.
This adware software (a branded version of the morphing Yontoo adware browser add-on) injects itself into the user's web browser (IE, Chrome and Firefox) and displays out-of-context advertising on web sites that are not associated with Yontoo or its affiliate partners.
norpalla.com/support
79% remove it
 
Powered by Should I Remove It?
