utiladanak.exe

Adanak

This file is part of the Yontoo adware component, a web browser plugin that injects unwanted ads into the browser. The application utiladanak.exe by Adanak has been detected as adware by 8 anti-malware scanners. It runs as a Windows service named “Update Adanak” in its own separate process. The file is typically installed with the program Adanak by Yontoo Technology, Inc., which is a potentially unwanted software program. It plugs into the web browser and displays context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
Adanak  (signed and verified)

Version:
1.0.5411.901

MD5:
5e72aeaf272e2d8c97e3c4d2c6155b42

SHA-1:
8bcf0494aa6036de72b4b6f6e78d74813dddd1f1

SHA-256:
5893d817f7e3a760c56ebdd123a3f25d7e2fb1f8b4fed649ea3752f54187ffc4

Scanner detections:
8 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
4/25/2024 8:14:27 PM UTC

Scan engine | Detection | Engine version
avast! | Win32:BrowseFox-CK [PUP] | 2014.9-141025
AVG | Generic | 2015.0.3311
Baidu Antivirus | Adware.Win32.BrowseFox | 4.0.3.141025
ESET NOD32 | MSIL/BrowseFox (variant) | 8.10619
IKARUS anti.virus | PUA.SwiftBrowse | t3scan.1.7.8.0
Malwarebytes | PUP.Optional.Adanak.A | v2014.10.25.10
Reason Heuristics | Adware.Service.Adanak.K | 14.10.25.8
VIPRE Antivirus | Yontoo | 34232

File size:
511.3 KB (523,544 bytes)

Product version:
1.0.5411.901

Original file name:
Adanak.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\adanak\bin\utiladanak.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
4/22/2014 2:00:00 AM

Valid to:
4/23/2015 1:59:59 AM

Subject:
CN=Adanak, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Adanak, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
54EAA4FDDD0AEB1183ED278A995C36F7

File PE Metadata
Compilation timestamp:
10/25/2014 10:30:10 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:2J6uUBJSQelm9sxbN+2CgQg3lSFYQX5LnxXlZjPf7V8OHr13rKG37Z:2Y3+holUKtDV807KG3V

Entry address:
0x7F8DE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 00, 00, 59, 00, 00, 00, 20, F9, 07, 00, 20, DB, 07, 00, 52, 53, 44, 53, B8, 26, E0, D3, 98, 20, 70, 4C, 9F, F5, A3, 04, A5, 60, 7A, 42, 01, 00, 00, 00, 44, 3A, 5C, 55, 74, 69, 6C, 69, 74, 69, 65, 73, 5C, 71, 71, 35, 75, 6A, 75, 35, 64, 2E, 79, 72, 75, 5C, 44, 65, 73, 6B, 74, 6F, 70, 5C, 44, 65, 73, 6B...
Entropy:
5.9359

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
502.5 KB (514,560 bytes)

Service
Display name:
Update Adanak

Type:
Win32OwnProcess


The file utiladanak.exe has been discovered within the following programs.

Adanak  by Yontoo Technology, Inc.
Adanak is an advertising supported (adware) extension that runs in the context of the user's web browser as well as a process in the background.
adanak.net/support
83% remove it
 
Powered by Should I Remove It?