utilopticalsurf.exe

Optical Surf

Part of the Yontoo adware family, a web browser plugin that injects unwanted ads into the browser. utilopticalsurf.exe, published by Optical Surf, has been detected as adware by 15 of the 68 anti-malware scanners run against it (several engines name the BrowseFox family; see the detection list below). Once installed it plugs into the web browser and displays context-based advertisements, either overwriting existing ads or inserting new ones into web pages.
Publisher:
Optical Surf  (signed and verified)

Version:
1.0.5512.27752

MD5:
148221c42a79c59b523b40fec39ecb3c

SHA-1:
f8ad048a4888f0cba5dd6db48222e8a70bed3459

SHA-256:
03cd53f9bd8720784a2fecadf50804ad8b2b3f25ac15499377b6be72db5f857a

Scanner detections:
15 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
4/25/2024 10:09:45 AM UTC

Scan engine | Detection | Engine version
AhnLab V3 Security | Adware/Win32.BrowseFox | 2015.02.12
Avira AntiVirus | ADWARE/BrowseFox.Gen7 | 7.11.209.206
AVG | BrowseFox | 2016.0.3179
Baidu Antivirus | Adware.MSIL.BrowseFox | 4.0.3.1536
Comodo Security | Application.MSIL.BrowseFox.A | 21049
ESET NOD32 | MSIL/BrowseFox.G potentially unwanted (variant) | 9.11163
K7 AntiVirus | Adware | 13.194.14943
Kaspersky | not-a-virus:HEUR:AdWare.MSIL.Kranet | 14.0.0.2390
Malwarebytes | PUP.Optional.OpticalSurf.A | v2015.03.06.01
NANO AntiVirus | Riskware.Win32.BPlug.djpkri | 0.30.0.65070
Panda Antivirus | Generic Suspicious | 15.03.06.01
Qihoo 360 Security | Win32/Virus.Adware.708 | 1.0.0.1015
Reason Heuristics | PUP.Yontoo | 15.3.6.2
Sophos | Generic PUA PI | 4.98
VIPRE Antivirus | Adware.BrowseFox | 37466

File size:
363.7 KB (372,472 bytes)

Product version:
1.0.5512.27752

Original file name:
OpticalSurf2015020323.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\panda security\panda cloud antivirus\lostandfound\utilopticalsurf.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
12/17/2014 8:00:00 AM

Valid to:
12/18/2015 7:59:59 AM

Subject:
CN=Optical Surf, O=Optical Surf, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
373EFE200D490F79B1E099C7683F2A7C

File PE Metadata
Compilation timestamp:
2/3/2015 11:25:35 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:OHCYxcGLjMIYUfCHdmJkRD3KjR3eT3gEBY2aJ5UtbWqvi7nisS8Miff:OHCYxRAC0gExx4xGIff

Entry address:
0x5AA6E

Entry point (first bytes at the entry address; FF 25 00 20 40 00 is jmp dword ptr [0x402000], the single jump through the import table into the CLR that managed executables start with, followed by padding):
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
6.3650

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
355 KB (363,520 bytes)
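The values above can be re-derived from a suspect file offline. The following is an added example written for this page, not code from the original page or from Optical Surf: it hashes a file and compares all three digests with the IOCs listed above, then reads the PE header fields the page reports (compile timestamp, linker and OS version, subsystem, the .NET CLR data directory, and the entry-point bytes, checking for the FF 25 jump stub shown under Entry point). The embedded `build_sample()` constructs a minimal PE32 image with those header values so the script runs without the real file; its hashes are therefore not expected to match. Only PE32 (Win32) images are handled, which is all this page needs.

```python
"""Offline triage of a suspect file against the indicators on this page.
Added example: re-derives the hashes and PE header fields the page lists."""
import hashlib
import struct
import sys
from datetime import datetime, timezone

# Hashes copied from the page above.
IOC = {
    "md5": "148221c42a79c59b523b40fec39ecb3c",
    "sha1": "f8ad048a4888f0cba5dd6db48222e8a70bed3459",
    "sha256": "03cd53f9bd8720784a2fecadf50804ad8b2b3f25ac15499377b6be72db5f857a",
}
SUBSYSTEMS = {2: "Windows GUI", 3: "Windows Console"}
COM_DESCRIPTOR = 14  # data-directory slot of the .NET CLR header


def hash_bytes(data: bytes) -> dict:
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha1": hashlib.sha1(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}


def matches_ioc(data: bytes) -> bool:
    """True only when all three digests agree with the published ones."""
    return hash_bytes(data) == IOC


def parse_pe(data: bytes) -> dict:
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _, nsect, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, lmaj, lmin = struct.unpack_from("<HBB", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 (Win32) images are handled")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    image_base = struct.unpack_from("<I", data, opt + 28)[0]
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    ndirs = struct.unpack_from("<I", data, opt + 92)[0]
    clr_rva = 0
    if ndirs > COM_DESCRIPTOR:
        clr_rva = struct.unpack_from("<I", data, opt + 96 + 8 * COM_DESCRIPTOR)[0]
    # Map the entry-point RVA to a file offset through the section table.
    entry_bytes = b""
    sect = opt + opt_size
    for i in range(nsect):
        vsize, va, rawsize, rawptr = struct.unpack_from("<IIII", data, sect + 40 * i + 8)
        if va <= entry_rva < va + max(vsize, rawsize):
            off = entry_rva - va + rawptr
            entry_bytes = data[off:off + 6]
            break
    # FF 25 imm32 is "jmp dword ptr [imm32]": a managed EXE's native entry
    # point is one jump through the IAT slot for mscoree!_CorExeMain.
    stub = len(entry_bytes) == 6 and entry_bytes[:2] == b"\xff\x25"
    target = struct.unpack("<I", entry_bytes[2:])[0] if stub else None
    return {
        "compile_time": datetime.fromtimestamp(stamp, tz=timezone.utc),
        "linker": f"{lmaj}.{lmin}",
        "os_version": f"{os_major}.{os_minor}",
        "subsystem": SUBSYSTEMS.get(subsystem, f"unknown ({subsystem})"),
        "clr_dependent": clr_rva != 0,
        "entry_rva": entry_rva,
        "entry_bytes": entry_bytes,
        "clr_jmp_stub": bool(stub and clr_rva),
        "jmp_target_rva": target - image_base if stub else None,
    }


def build_sample() -> bytes:
    """Constructed minimal PE32 carrying the header values the page reports.
    It is not the real file, so its hashes will not match IOC."""
    stamp = int(datetime(2015, 2, 3, 23, 25, 35, tzinfo=timezone.utc).timestamp())
    entry_rva, text_va, text_raw = 0x2010, 0x2000, 0x200
    dos = (b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x80)).ljust(0x80, b"\0")
    coff = struct.pack("<HHIIIHH", 0x14C, 1, stamp, 0, 0, 224, 0x0102)
    opt = struct.pack("<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH" + "I" * 6,
                      0x10B, 8, 0,                                # PE32 magic, linker 8.0
                      0x200, 0, 0, entry_rva, text_va, 0, 0x400000, 0x1000, 0x200,
                      4, 0, 0, 0, 4, 0,                           # OS version 4.0
                      0, 0x3000, 0x200, 0,                        # SizeOfImage, SizeOfHeaders
                      3, 0,                                       # Subsystem 3 = Windows Console
                      0x100000, 0x1000, 0x100000, 0x1000, 0, 16)  # stack/heap, 16 directories
    dirs = [(0, 0)] * 16
    dirs[COM_DESCRIPTOR] = (0x2008, 0x48)  # non-zero CLR header = .NET dependent
    opt += b"".join(struct.pack("<II", *d) for d in dirs)
    sect = b".text".ljust(8, b"\0") + struct.pack(
        "<IIIIIIHHI", 0x1000, text_va, text_raw, text_raw, 0, 0, 0, 0, 0x60000020)
    headers = (dos + b"PE\0\0" + coff + opt + sect).ljust(text_raw, b"\0")
    body = bytearray(text_raw)
    body[entry_rva - text_va:entry_rva - text_va + 6] = b"\xff\x25\x00\x20\x40\x00"
    return headers + bytes(body)


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    report = dict(parse_pe(blob), **hash_bytes(blob), ioc_match=matches_ioc(blob))
    for key, value in report.items():
        print(f"{key:>15}: {value.hex() if isinstance(value, bytes) else value}")
```

Run it with the path of a quarantined copy (for instance the lostandfound path listed above) to compare against the page; without an argument it reports on the constructed sample. A hash match identifies this exact build only; the detection names above show the family is also recognised by heuristics, so a non-matching hash on a file with the same signer, linker and CLR stub is still worth a second look. Note also that the signing certificate below was valid only until 12/18/2015, so a current Authenticode check of this file depends on the presence of a timestamp countersignature, which the page does not show.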

Remove utilopticalsurf.exe - Powered by Reason Core Security