home

updatescantack.exe.infected

Scan Tack

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The file updatescantack.exe.infected by Scan Tack has been detected as adware by 15 anti-malware scanners. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
Scan Tack  (signed and verified)

Version:
1.0.5387.2864

MD5:
0856b71ee0537ceed4fa1f89aa0a58b6

SHA-1:
0ce8b85d3392ef8007153ac0301e4e5a14a64663

SHA-256:
e3f80023174a41c03aae435dc54ee854f1ee4eef6e11ef424a832b1dc184ce48

Scanner detections:
15 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
4/20/2024 2:01:13 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.SwiftBrowse.Y
615

avast!
Win32:BrowseFox-J [PUP]
2014.9-150531

AVG
Generic
2016.0.3093

Baidu Antivirus
Adware.Win32.BrowseFox
4.0.3.15531

Bitdefender
Adware.SwiftBrowse.Y
1.0.20.755

Emsisoft Anti-Malware
Adware.SwiftBrowse.Y
8.15.05.31.01

ESET NOD32
MSIL/BrowseFox (variant)
9.10564

F-Secure
Adware.SwiftBrowse.Y
11.2015-31-05_1

G Data
Adware.SwiftBrowse
15.5.24

IKARUS anti.virus
AdWare.SwiftBrowse
t3scan.1.7.8.0

Malwarebytes
PUP.Optional.ScanTack.A
v2015.05.31.01

MicroWorld eScan
Adware.SwiftBrowse.Y
16.0.0.453

nProtect
Adware.SwiftBrowse.Y
14.10.14.01

Reason Heuristics
PUP.Yontoo.ScanTack
15.5.30.21

VIPRE Antivirus
Yontoo
33930

File size:
509.8 KB (522,016 bytes)

Product version:
1.0.5387.2864

Original file name:
ScanTack.exe

Language:
Language Neutral

Digital Signature
Signed by:
Scan Tack

Authority:
VeriSign, Inc.

Valid from:
1/21/2014 6:00:00 PM

Valid to:
1/22/2015 5:59:59 PM

Subject:
CN=Scan Tack, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Scan Tack, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
44D91A3142283CE62B23F23C84838B0D

File PE Metadata
Compilation timestamp:
10/1/2014 4:35:33 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:/ZtRrPhGOTT9lzbsUm9sxbN+2CgdTZeA6ZYf0yJk8lghqXfFKSVim+Y5mbp:/FrJGT+holjZDIXfEs

Entry address:
0x7F27A

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 00, 00, 5B, 00, 00, 00, BC, F2, 07, 00, BC, D4, 07, 00, 52, 53, 44, 53, FB, 28, F7, 3E, A8, C1, 1C, 44, BE, 31, C6, D1, A9, 43, E3, C3, 01, 00, 00, 00, 44, 3A, 5C, 55, 74, 69, 6C, 69, 74, 69, 65, 73, 5C, 63, 69, 72, 34, 67, 78, 69, 63, 2E, 7A, 78, 71, 5C, 44, 65, 73, 6B, 74, 6F, 70, 5C, 44, 65, 73, 6B...
 
[+]

Entropy:
5.9211

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
501 KB (513,024 bytes)

Remove updatescantack.exe.infected - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.