home

utilbrowsestudio.exe

BrowseStudio

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The application utilbrowsestudio.exe by BrowseStudio has been detected as adware by 16 anti-malware scanners. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
BrowseStudio  (signed and verified)

Version:
1.0.5441.18674

MD5:
e582a34c7ce1ada2958d21e14f494ca9

SHA-1:
2f0fa299ed645a2099ceec5af40b22b2027ac43d

SHA-256:
9cfc6f239f107139ff9b4d109b6577705b4215894fc1f255759450b4e14eddae

Scanner detections:
16 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
4/25/2024 7:02:06 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.SwiftBrowse.CS
5832705

AhnLab V3 Security
PUP/Win32.SwiftBrowse
2014.11.25

Avira AntiVirus
Adware/BrowseFox.aol
7.11.188.128

AVG
Generic
2015.0.3280

Baidu Antivirus
Adware.MSIL.BrowseFox
4.0.3.141124

Bitdefender
Adware.SwiftBrowse.CS
1.0.20.1640

Dr.Web
Trojan.Yontoo.115
9.0.1.05190

Emsisoft Anti-Malware
Adware.SwiftBrowse.CS
9.0.0.4570

ESET NOD32
MSIL/BrowseFox.G potentially unwanted application
7.0.302.0

F-Secure
Adware.SwiftBrowse.CS
11.2014-24-11_2

G Data
Adware.SwiftBrowse.CS
14.11.24

K7 AntiVirus
Adware
13.185.14120

Malwarebytes
PUP.Optional.BrowseStudio.A
v2014.11.24.03

MicroWorld eScan
Adware.SwiftBrowse.CS
15.0.0.984

nProtect
Adware.SwiftBrowse.CS
14.11.24.01

Reason Heuristics
PUP.BrowseStudio.Q
14.11.24.15

File size:
413.2 KB (423,152 bytes)

Product version:
1.0.5441.18674

Original file name:
BrowseStudio2014112418.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\browsestudio\bin\utilbrowsestudio.exe

Digital Signature
Signed by:
BrowseStudio

Authority:
VeriSign, Inc.

Valid from:
9/2/2014 2:00:00 AM

Valid to:
9/3/2015 1:59:59 AM

Subject:
CN=BrowseStudio, O=BrowseStudio, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
11AE532A33120159E1078A0D3EDE88C9

File PE Metadata
Compilation timestamp:
11/24/2014 7:22:28 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:K6nkLubnmKwPcyI3e6Y8QBNlrgs+DyYiJNhAT6JQbQ6f+RD95FrGpkHET:xnkLLE3ebld+Dy7pafbQbtaz

Entry address:
0x6713E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
404.5 KB (414,208 bytes)

Remove utilbrowsestudio.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.