updateupperfind.exe.53ed6426

UpperFind

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The file updateupperfind.exe.53ed6426 by UpperFind has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program UpperFind by Yontoo Technology, Inc. which is a potentially unwanted software program.
Publisher:
UpperFind  (signed and verified)

Version:
1.0.5335.38163

MD5:
cd1092f3a0db8046c95cea2c1f4039a3

SHA-1:
04432abaf0a2c899cac80228c5ce1ec5a9f114c3

SHA-256:
63e7b4a9f7506e798c84cb3b47bfe0252095a2406f6a4a15480587c3653d786f

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Belongs to the Sambreel/Yontoo program that inserts various forms of advertising in the user's web browser, installed with minimal or no user consent.

Analysis date:
5/10/2024 9:05:42 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Yontoo (M)

Engine version:
17.2.18.18

File size:
315.7 KB (323,312 bytes)

Product version:
1.0.5335.38163

Original file name:
UpperFind.exe

Language:
Language Neutral

Common path:
C:\Program Files\upperfind\updateupperfind.exe.53ed6426

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
7/28/2014 9:00:00 PM

Valid to:
7/29/2015 8:59:59 PM

Subject:
CN=UpperFind, O=UpperFind, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3A4B94588F27E0C6A4333D91A636BC24

File PE Metadata
Compilation timestamp:
8/10/2014 7:12:21 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

Entry address:
0x4EBAE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 10, 00, 00, 00, 20, 00, 00, 80, 18, 00, 00, 00, D8, 02, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
307 KB (314,368 bytes)

The file updateupperfind.exe.53ed6426 has been discovered within the following program.

UpperFind  by Yontoo Technology, Inc.
UpperFind is an advertising supported (adware) extension that runs in the context of the user's web browser as well as a process in the background.
upperfind.com/support
85% remove it
 