utilgreenerweb.exe

Greener Web

This file is part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The application utilgreenerweb.exe by Greener Web has been detected as adware by 6 anti-malware scanners. It runs as a separate Windows service (within the context of its own process) named “Update Greener Web”. This file is typically installed with the program Greener Web by Yontoo Technology, Inc., which is a potentially unwanted software program. It plugs into the web browser and displays context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
Greener Web  (signed and verified)

Version:
1.0.5280.26382

MD5:
58b91274a2aed407b84a2446ef1e73a1

SHA-1:
ec651376a152a20ef8741f23457db976301e59d3

SHA-256:
b7a9655709ffc15b9fa2f9d047aad93a7e0c75fc16f0e81100723d809389aeca

Scanner detections:
6 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
4/19/2024 12:59:55 PM UTC

Scan engine              Detection                    Engine version
AVG                      Greenerweb                   2015.0.3441
Baidu Antivirus          Adware.Win32.BrowseFox       4.0.3.14617
ESET NOD32               Win32/BrowseFox (variant)    8.9956
McAfee                   Artemis!58B91274A2AE         5600.7097
Reason Heuristics        PUP.GreenerWeb.O             14.6.17.10
Trend Micro House Call   Suspicious_GEN.F47V0617      7.2.168

File size:
310.3 KB (317,728 bytes)

Product version:
1.0.5280.26382

Original file name:
GreenerWeb.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\greener web\bin\utilgreenerweb.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
4/22/2014 4:00:00 AM

Valid to:
4/23/2015 3:59:59 AM

Subject:
CN=Greener Web, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Greener Web, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5AE1591EB6D76718ADCE211DFB4D195B

File PE Metadata
Compilation timestamp:
6/16/2014 7:39:39 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:HgBn8xbFV3Umikdh+7maFfQmW1VdB9PMub08Bs:HgB4brUm3gOmWdAhss

Entry address:
0x4D5E2

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 10, 00, 00, 00, 20, 00, 00, 80, 18, 00, 00, 00, E0, 02, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 38, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 50, 00, 00, 00, 5C, E0, 04, 00, 84, 02, 00, 00, 00, 00, 00, 00, 84, 02, 34, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
301.5 KB (308,736 bytes)

Service
Display name:
Update Greener Web

Type:
Win32OwnProcess


The file utilgreenerweb.exe has been discovered within the following programs.

Greener Web  by Yontoo Technology, Inc.
This adware (a branded version of the morphing Yontoo adware browser add-on) injects itself into the user's web browser (IE, Chrome and Firefox) and displays out-of-context advertising on web sites that are not associated with Yontoo or its affiliate partners.
greenerweb.info/support
80% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

TCP (HTTP):

TCP (HTTP):
