utilmegabrowse.exe

Mega Browse

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The application utilmegabrowse.exe by Mega Browse has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a Windows service named “Util Mega Browse” in its own separate process. This file is typically installed with the program Mega Browse by Yontoo Technology, Inc., which is a potentially unwanted software program.
Publisher:
Mega Browse  (signed and verified)

Version:
1.0.5186.20207

MD5:
6b1235a84ad8ca667dbb340c67954b62

SHA-1:
e746c2e4b2991ef7281de471dd55dfdd6ef84bf8

SHA-256:
46f2c9f3f13b1595258a0b6eafd7da208f271b1fe1ece749ff7ce06f9c43a980

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Belongs to the Sambreel/Yontoo program that inserts various forms of advertising in the user's web browser, installed with minimal or no user consent.

Analysis date:
4/26/2024 5:15:21 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Service.MegaBrowse.O

Engine version:
14.3.19.0

File size:
340.8 KB (348,960 bytes)

Product version:
1.0.5186.20207

Original file name:
MegaBrowse.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\mega browse\bin\utilmegabrowse.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
1/22/2014 4:00:00 AM

Valid to:
1/23/2015 3:59:59 AM

Subject:
CN=Mega Browse, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Mega Browse, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
151F3F44EFA5ADB264205FBF9F779B3D

File PE Metadata
Compilation timestamp:
3/14/2014 4:13:50 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:uqH5C495KZPm0u9IBvZicvyy7Y5zY41BWvfeVzN+m1NwkVR6mQbsY/yl098f3Jpo:uqH5T1z8/a69m57J+FdP

Entry address:
0x54E62

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
6.0728

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
332 KB (339,968 bytes)

Service
Display name:
Util Mega Browse

Type:
Win32OwnProcess


The file utilmegabrowse.exe has been discovered within the following programs.

Mega Browse by Yontoo Technology, Inc.
This adware program injects advertisements with its affiliate ad providers in order to serve a number of ad types including banner, inline text links and popups.
megabrowse.biz/support
82% remove it
 
Powered by Should I Remove It?
