» utilbrowsestudio.exe
Overview
Analysis
File Details
Programs (1)

utilbrowsestudio.exe

BrowseStudio

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The application utilbrowsestudio.exe by BrowseStudio has been detected as adware by 19 anti-malware scanners. This file is typically installed with the program BrowseStudio by Yontoo Technology, Inc. which is a potentially unwanted software program. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.

File name:

Publisher:

BrowseStudio (signed and verified)

Version:

1.0.5502.27714

MD5:

16946fe913efbbda8fd1936a195597d0

SHA-1:

14a253daf163c7936187e9c9b0caaccd04223d0f

SHA-256:

d1635cebea97c2791117b62d2954f60953eddfd2977711a0deb25898311ccd0b

Scanner detections:

19 / 68

Status:

Adware

Explanation:

Injects advertising in the web browser in various formats.

Analysis date:

4/26/2024 12:34:12 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Adware.SwiftBrowse.CS

6434017

AhnLab V3 Security

Win-PUP/BrowseFox.Gen

2015.01.25

Avira AntiVirus

Adware/BrowseFox.aol

7.11.204.248

avast!

Win32:BrowseFox-EN [PUP]

150101-1

AVG

Generic

2016.0.3219

Baidu Antivirus

Adware.MSIL.BrowseFox

4.0.3.15124

Bitdefender

Adware.SwiftBrowse.CS

1.0.20.120

Emsisoft Anti-Malware

Adware.SwiftBrowse.CS

9.0.0.4799

ESET NOD32

MSIL/BrowseFox.H potentially unwanted application

7.0.302.0

F-Secure

Adware.SwiftBrowse.CS

5.13.68

G Data

Adware.SwiftBrowse.CS

15.1.24

K7 AntiVirus

Adware

13.192.14744

Malwarebytes

PUP.Optional.BrowseStudio.A

v2015.01.24.09

MicroWorld eScan

Adware.SwiftBrowse.CS

16.0.0.72

Norman

Adware.SwiftBrowse.CS

03.12.2014 13:20:04

nProtect

Adware.SwiftBrowse.CS

15.01.23.01

Qihoo 360 Security

Win32/Virus.Adware.240

1.0.0.1015

Reason Heuristics

PUP.Yontoo

15.1.24.21

VIPRE Antivirus

Threat.4741131

36666

File size:

657.2 KB (673,008 bytes)

Product version:

1.0.5502.27714

Original file name:

BrowseStudio2015012423.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\Program Files\browsestudio\bin\utilbrowsestudio.exe

Digital Signature

Signed by:

BrowseStudio

Authority:

VeriSign, Inc.

Valid from:

9/2/2014 10:00:00 AM

Valid to:

9/3/2015 9:59:59 AM

Subject:

CN=BrowseStudio, O=BrowseStudio, L=San Diego, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

11AE532A33120159E1078A0D3EDE88C9

File PE Metadata

Compilation timestamp:

1/25/2015 10:23:55 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

6.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

12288:92mhcx+hHOZZnt6bjoy3fjnpz93sI3sveOJED1SZphaPq2h:92mhcx+sHybrLKrJED1Ss

Entry address:

0xA404A

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

5.9962

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

648.5 KB (664,064 bytes)

The file utilbrowsestudio.exe has been discovered within the following program.

BrowseStudio by Yontoo Technology, Inc.

BrowseStudio is an adware program (supported by various types of advertising) that is usually bundled by third party installers and download managers.

browsestudio.com/support

81% remove it

Remove utilbrowsestudio.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.