utilbrowsefox.exe

Browse Fox

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads into the browser. The application utilbrowsefox.exe by Browse Fox has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. Additionally, the file is typically installed by a number of programs, including BrowseFox 3.0.0 by Yontoo Technology, Inc. and Buzzdock by Alactro LLC, both potentially unwanted software. It plugs into the web browser and displays context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
Browse Fox  (signed and verified)

Version:
1.0.5290.15474

MD5:
e645d9d307c2a43dd63441bb90a6e243

SHA-1:
7bc9b6c8c87eae436961627bc741c1579c141679

SHA-256:
6eb6c3605f769e140483dbd04e950bdf0aed2ba7271068dfbc4af580194f7849

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
4/25/2024 3:23:17 AM UTC

Scan engine: Reason Heuristics
Detection: PUP.Yontoo.BrowseFox (M)
Engine version: 16.1.11.1

File size:
311.3 KB (318,752 bytes)

Product version:
1.0.5290.15474

Original file name:
BrowseFox.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\browsefox\bin\utilbrowsefox.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
7/29/2013 8:00:00 PM

Valid to:
7/30/2014 7:59:59 PM

Subject:
CN=Browse Fox, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Browse Fox, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3DA9F504A9E9628C2224F40C9EA90C86

File PE Metadata
Compilation timestamp:
6/26/2014 5:36:05 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:5/XBn8fKlzKnj7FkdM+E83XGkw9V3mNubNJeay:5/XBGKwn3Tqwz2M6

Entry address:
0x4D8D6

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
302.5 KB (309,760 bytes)

The file utilbrowsefox.exe has been discovered within the following programs.

BrowseFox 3.0.0 by Yontoo Technology, Inc.
This is a web browser extension and Browser Helper Object (for Internet Explorer) that delivers contextual advertising to the web browser. In addition, it modifies the user's browser home and search pages, as well as 'New Tab' pages, to push advertising and search.
browsefox.com/support
78% remove it

Buzzdock by Alactro LLC
This is a web browser extension that injects advertising. From the EULA: "Buzzdock is free to download and use. Buzzdock is supported by advertising, and users will see additional ads on websites where Buzzdock features operate."
www.buzzdock.com/faq-support
79% remove it
 
Powered by Should I Remove It?
