utilgreenerweb.exe

Greener Web

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The application utilgreenerweb.exe by Greener Web has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. Additionally, the file is typically installed by a number of programs including Greener Web by Yontoo Technology, Inc. and Buzzdock by Alactro LLC, both potentially unwanted software.
Publisher:
Greener Web  (signed and verified)

Version:
1.0.5291.26500

MD5:
2448b0b1c62ea0ef7258ad8a06223e56

SHA-1:
a0239cfe2325eed4ee93c18945a031eee980699b

SHA-256:
f4cd44a14e364cb8ec15a77c455b8ec0a8f2f84b2d4a24625592700fc128b9fb

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Belongs to the Sambreel/Yontoo program that inserts various forms of advertising in the user's web browser, installed with minimal or no user consent.

Analysis date:
4/25/2024 10:17:48 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Yontoo.GreenerWeb (M)

Engine version:
16.2.14.18

File size:
311.3 KB (318,752 bytes)

Product version:
1.0.5291.26500

Original file name:
GreenerWeb.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\greener web\bin\utilgreenerweb.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
4/21/2014 8:00:00 PM

Valid to:
4/22/2015 7:59:59 PM

Subject:
CN=Greener Web, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Greener Web, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5AE1591EB6D76718ADCE211DFB4D195B

File PE Metadata
Compilation timestamp:
6/27/2014 11:43:37 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:kocBn8BjQrNY3ZkPGcre6T72wRigJKmuGubl:kocBkj8Y3zvwYgz1E

Entry address:
0x4D8EA

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
302.5 KB (309,760 bytes)

The file utilgreenerweb.exe has been discovered within the following programs.

Buzzdock  by Alactro LLC
This is a web browser extension that injects advertising. From the EULA: "Buzzdock is free to download and use. Buzzdock is supported by advertising, and users will see additional ads on websites where Buzzdock features operate."
www.buzzdock.com/faq-support
79% remove it
Greener Web  by Yontoo Technology, Inc.
This adware software (a branded version of the morphing Yontoo adware browser addon) injects itself into the user's web browser (IE, Chrome and Firefox) and will display out-of-context advertising on web sites that are not associated with Yontoo or its affiliate partners.
greenerweb.info/support
80% remove it
 
Powered by Should I Remove It?
