updateviewplay.exe

ViewPlay

updateviewplay.exe is part of the Yontoo web browser plugin, which delivers advertisements to the web browser in the form of injected banners, text links, popups, etc. The updater mechanism for ViewPlay automatically keeps the extension patched by downloading new functionality, which is auto-enabled by default. The application updateviewplay.exe by ViewPlay has been detected as adware by 9 anti-malware scanners. It runs as a separate Windows service (within the context of its own process) named “Update ViewPlay”. This file is typically installed with the program ViewPlay by Yontoo Technology, Inc., which is a potentially unwanted software program. It plugs into the web browser and displays context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
ViewPlay  (signed and verified)

Version:
1.0.5316.31276

MD5:
471b9ca0bafede53091f5d7c920db065

SHA-1:
e1a38ef1e93a3a053a5b2353806ae2a38a37efe9

SHA-256:
e78cab24dde2d7d68199a6159f5776385464a6ab453731f1a600f466891738a1

Scanner detections:
9 / 68

Status:
Adware

Explanation:
Part of the Yontoo adware web browser extension update process.

Analysis date:
5/10/2024 9:52:16 AM UTC

Scan engine
Detection
Engine version

AVG
Generic
2015.0.3398

Baidu Antivirus
Adware.Win32.BrowseFox
4.0.3.14729

ESET NOD32
Win32/BrowseFox (variant)
8.10170

IKARUS anti.virus
PUA.BrowseFox
t3scan.1.6.1.0

Malwarebytes
PUP.Optional.ViewPlay.A
v2014.07.29.07

McAfee
Artemis!471B9CA0BAFE
5600.7054

Qihoo 360 Security
HEUR/Malware.QVM03.Gen
1.0.0.1015

Trend Micro House Call
Suspicious_GEN.F47V0726
7.2.210

VIPRE Antivirus
Yontoo
31718

File size:
314.3 KB (321,816 bytes)

Product version:
1.0.5316.31276

Original file name:
ViewPlay.exe

File type:
Executable application (Win64 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\viewplay\updateviewplay.exe

Digital Signature
Signed by:

Subject:
CN=ViewPlay, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=ViewPlay, L=San Diego, S=California, C=US

Serial number:
0F9F45EC13C318E3C0F42DA156EA0A92

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
6144:aAVBn8WCSp3Le9kZSL6pdfJdYRqs7Pfo1BHD90ppbILG:aAVBLC2Le9DrXo3xwO6

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
6.0912

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Service
Display name:
Update ViewPlay

Type:
Win32OwnProcess


The file updateviewplay.exe has been discovered within the following programs.

Buzzdock  by Alactro LLC
This is a web browser extension that injects advertising. From the EULA: "Buzzdock is free to download and use. Buzzdock is supported by advertising, and users will see additional ads on websites where Buzzdock features operate."
www.buzzdock.com/faq-support
79% remove it
ViewPlay  by Yontoo Technology, Inc.
This adware program injects advertisements with its affiliate ad providers in order to serve a number of ad types including banner, inline text links and popups.
viewplay.net/support
81% remove it
 
Powered by Should I Remove It?
