home

updatesearchfoot.exe

SearchFoot

Part of the Yontoo web browser plugin (delivers advertisements to the web browser in the form of injected banners, text-links, popups, etc.) the updater mechanism for SearchFoot will automatically keep the extension patched by downloaded new functionality which is auto-enabled by default. The application updatesearchfoot.exe by SearchFoot has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a separate (within the context of its own process) windows Service named “Update SearchFoot”.
Publisher:
SearchFoot  (signed and verified)

Version:
1.0.5255.26676

MD5:
75eac81d068f9470107e0380158ee664

SHA-1:
cb2b92104678c7599ae81aff3f2c1ef5c4d06ccf

SHA-256:
438f2a189cc1bef9563f6ce3cac014d2ea94bc22cc5e4ff3c44313af0e85eda6

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Part of the Yontoo adware web browser extension update process.

Analysis date:
4/24/2024 3:00:36 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Adware.Yontoo.SearchFoot (M)
16.2.5.12

File size:
310.3 KB (317,728 bytes)

Product version:
1.0.5255.26676

Original file name:
SearchFoot.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\searchfoot\updatesearchfoot.exe

Digital Signature
Signed by:
SearchFoot

Authority:
VeriSign, Inc.

Valid from:
1/21/2014 9:00:00 PM

Valid to:
1/22/2015 8:59:59 PM

Subject:
CN=SearchFoot, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=SearchFoot, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5F02DE54EB4BED008713866AAA6070E0

File PE Metadata
Compilation timestamp:
5/22/2014 12:49:26 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:PtBn8dkfR64/JzktxKATYGUZu8XEhtubu5j14P3:PtBQkU4/JkyUdz5j14P

Entry address:
0x4D586

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
301.5 KB (308,736 bytes)

Service
Display name:
Update SearchFoot

Type:
Win32OwnProcess


Remove updatesearchfoot.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.