home

updatescantack.exe

Scan Tack

Part of the Yontoo web browser plugin (delivers advertisements to the web browser in the form of injected banners, text-links, popups, etc.) the updater mechanism for Scan Tack will automatically keep the extension patched by downloaded new functionality which is auto-enabled by default. The application updatescantack.exe by Scan Tack has been detected as adware by 16 anti-malware scanners. It runs as a separate (within the context of its own process) windows Service named “Update ScanTack”. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
Scan Tack  (signed and verified)

Version:
1.0.5423.24020

MD5:
c826d9d88b2b245a2b6b09f784827c2b

SHA-1:
dc764dcc7174e2c35dd95b0d346ddef03349444b

SHA-256:
407e2af8b1359e8c3ef21269944bef73be039c23f7a18630ee494ea658df26cb

Scanner detections:
16 / 68

Status:
Adware

Explanation:
Part of the Yontoo adware web browser extension update process.

Analysis date:
4/19/2024 7:45:55 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.SwiftBrowse.Y
820

AhnLab V3 Security
PUP/Win32.BrowseFox
2014.11.07

avast!
Win32:BrowseFox-J [PUP]
141025-0

AVG
Generic
2015.0.3298

Baidu Antivirus
Adware.Win32.BrowseFox
4.0.3.14116

Bitdefender
Adware.SwiftBrowse.Y
1.0.20.1550

Emsisoft Anti-Malware
Adware.SwiftBrowse.Y
14.11.06

ESET NOD32
MSIL/BrowseFox (variant)
8.10682

F-Secure
Adware.SwiftBrowse.Y
11.2014-06-11_5

G Data
Adware.SwiftBrowse
14.11.24

K7 AntiVirus
Unwanted-Program
13.185.13930

Malwarebytes
PUP.Optional.ScanTack.A
v2014.11.06.06

MicroWorld eScan
Adware.SwiftBrowse.Y
15.0.0.930

nProtect
Adware.SwiftBrowse.Y
14.11.06.01

Reason Heuristics
Adware.Service.ScanTack.O
14.11.6.18

VIPRE Antivirus
Threat.4741131
34232

File size:
513.3 KB (525,600 bytes)

Product version:
1.0.5423.24020

Original file name:
ScanTack.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\scantack\updatescantack.exe

Digital Signature
Signed by:
Scan Tack

Authority:
VeriSign, Inc.

Valid from:
1/21/2014 10:00:00 PM

Valid to:
1/22/2015 9:59:59 PM

Subject:
CN=Scan Tack, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Scan Tack, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
44D91A3142283CE62B23F23C84838B0D

File PE Metadata
Compilation timestamp:
11/6/2014 7:20:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:9MeGv1CBvP0XiiEPYrmGsxbe+qHTZedzViLVhqHPFAv1uBHpb:9AvGnPhRbEyu1Ot

Entry address:
0x80086

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
504.5 KB (516,608 bytes)

Service
Display name:
Update ScanTack

Type:
Win32OwnProcess


Remove updatescantack.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.