utilcrimsolite.exe

crimsolite

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The application utilcrimsolite.exe by crimsolite has been detected as adware by 8 anti-malware scanners. It runs as a Windows service named “Update crimsolite” in its own separate process. This file is typically installed with the program crimsolite by Yontoo Technology, Inc., which is a potentially unwanted software program. It plugs into the web browser and displays context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
crimsolite  (signed and verified)

Version:
1.0.5205.18404

MD5:
6176f418dcb155d1ee16b4f6cd567203

SHA-1:
a8ab45b1175bc0836ded7ed50be7fbb109f7059c

SHA-256:
893497c0339c7ebad3d71c00db8d94b7eaf947cd06d70b656dffecc390207d5d

Scanner detections:
8 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
4/26/2024 10:12:29 AM UTC

Scan engine              Detection                    Engine version
AVG                      MalSign.Crimso               2016.0.3156
Baidu Antivirus          Adware.Win32.BrowseFox       4.0.3.15328
ESET NOD32               Win32/BrowseFox (variant)    9.9752
Malwarebytes             PUP.Optional.Crimsolite.A    v2015.03.28.07
McAfee                   Artemis!6176F418DCB1         5600.6812
Reason Heuristics        Adware.Yontoo.Service        15.3.28.19
Trend Micro House Call   TROJ_GEN.F47V0402            7.2.87
VIPRE Antivirus          Trojan.Win32.Generic         28804

File size:
342.3 KB (350,496 bytes)

Product version:
1.0.5205.18404

Original file name:
crimsolite.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\crimsolite\bin\utilcrimsolite.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
11/26/2013 5:00:00 PM

Valid to:
11/27/2014 4:59:59 PM

Subject:
CN=crimsolite, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=crimsolite, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
02CCA1F2B8F504106134601E82CFA150

File PE Metadata
Compilation timestamp:
4/2/2014 5:13:45 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:ETp5C4k60CY1GR41wWvxeVzN+o5lbyVAty10qRU03gKYCclbjYPt:ETp5brYWqdgKbYYPt

Entry address:
0x5556A

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
6.0844

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
333.5 KB (341,504 bytes)

Service
Display name:
Update crimsolite

Type:
Win32OwnProcess


The file utilcrimsolite.exe has been discovered within the following program.

crimsolite  by Yontoo Technology, Inc.
crimsolite is an adware application that is distributed by Yontoo, a division of Sambreel Holdings based in Carlsbad, CA. It is a rebrand of the various other web browser extensions that Yontoo delivers, all with similar names. The program is included as part of a download bundle.
crimsolite.co/support
79% remove it
 
Powered by Should I Remove It?
