updatetechgile.exe

techgile

Part of the Yontoo web browser plugin (which delivers advertisements to the web browser in the form of injected banners, text links, popups, etc.), the updater mechanism for techgile automatically keeps the extension patched by downloading new functionality, which is auto-enabled by default. The application updatetechgile.exe by techgile has been detected as adware by 18 anti-malware scanners. It runs as a separate Windows service (within the context of its own process) named “Update Techgile”. It plugs into the web browser and displays context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
techgile  (signed and verified)

Version:
1.0.5491.22293

MD5:
cd2d326c76b2b34ca604c154850a9437

SHA-1:
4e4e8651572320cb3fd87b5aeffddcc8a90e1e3a

SHA-256:
70b50cd7f04493cb6cecce0c0634fbfb8dbb4380be9e9668d46ad7bb7dab6cde

Scanner detections:
18 / 68

Status:
Adware

Explanation:
Part of the Yontoo adware web browser extension update process.

Analysis date:
4/20/2024 5:01:49 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Adware.SwiftBrowse.CY | 741
Avira AntiVirus | Adware/BrowseFox.apr | 7.11.201.100
AVG | Generic | 2016.0.3219
Baidu Antivirus | Adware.MSIL.BrowseFox | 4.0.3.15125
Bitdefender | Adware.SwiftBrowse.CY | 1.0.20.125
Emsisoft Anti-Malware | Adware.SwiftBrowse.CY | 8.15.01.25.12
ESET NOD32 | MSIL/BrowseFox (variant) | 9.11014
F-Secure | Adware.SwiftBrowse.CY | 11.2015-25-01_1
G Data | Adware.SwiftBrowse.CY | 15.1.24
K7 AntiVirus | Adware | 13.191.14645
Malwarebytes | PUP.Optional.Techgile.A | v2015.01.25.12
McAfee | Artemis!CD2D326C76B2 | 5600.6875
MicroWorld eScan | Adware.SwiftBrowse.CY | 16.0.0.75
nProtect | Adware.SwiftBrowse.CY | 15.01.14.01
Reason Heuristics | PUP.Service.techgile | 15.1.25.0
Sophos | Generic PUA EO | 4.98
Trend Micro House Call | Suspicious_GEN.F47V0114 | 7.2.25
VIPRE Antivirus | Yontoo | 36656

File size:
516.7 KB (529,136 bytes)

Product version:
1.0.5491.22293

Original file name:
Techgile2015011320.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\techgile\updatetechgile.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
9/3/2014 9:00:00 PM

Valid to:
9/4/2015 8:59:59 PM

Subject:
CN=techgile, O=techgile, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
73F8CC58517F3D5D8C50DFEA9B1C4816

File PE Metadata
Compilation timestamp:
1/13/2015 6:23:14 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:hOPet9Mcj8miu0B3O+bLSv+tMUqi0zDiZ3gd56beh1G:hx9WBu7+tn+c3gd8z

Entry address:
0x80FBA

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 10, 00, 00, 00, 20, 00, 00, 80, 18, 00, 00, 00, 38, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 50, 00, 00, 80, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
508 KB (520,192 bytes)

Service
Display name:
Update Techgile

Type:
Win32OwnProcess

