» utilvebergreat.exe
Overview
Analysis
File Details
Programs (1)

utilvebergreat.exe

veberGreat

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The application utilvebergreat.exe by veberGreat has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program veberGreat by Yontoo Technology, Inc. which is a potentially unwanted software program.

File name:

utilvebergreat.exe

Publisher:

veberGreat (signed and verified)

Version:

1.0.5299.38275

MD5:

3fdf0304984b47d150a4fe698f32e239

SHA-1:

52bc135049dfc0e02ea128b6356ec6b43de106ef

SHA-256:

5ee3a1001cd3c8059c34858c608a4bd7a45d16aa3ed3754d0ae116d718c87edb

Scanner detections:

1 / 68

Status:

Adware

Explanation:

Belongs to the Sambreel/Yontoo progam that inserts various forms of advertising in the user's web browser, installed with minimal or no user consent.

Analysis date:

5/4/2024 5:10:18 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Yontoo (M)

17.2.22.11

File size:

311.3 KB (318,752 bytes)

Product version:

1.0.5299.38275

Original file name:

veberGreat.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\Program Files\vebergreat\bin\utilvebergreat.exe

Digital Signature

Signed by:

veberGreat

Authority:

VeriSign, Inc.

Valid from:

9/18/2013 7:00:00 PM

Valid to:

9/19/2015 6:59:59 PM

Subject:

CN=veberGreat, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=veberGreat, L=San Diego, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

377D972BB16B6077E300ED74C9FA32C8

File PE Metadata

Compilation timestamp:

7/5/2014 5:16:04 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

8.0

.NET CLR dependent:

Yes

Entry address:

0x4D8C2

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

6.0836

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

302.5 KB (309,760 bytes)

The file utilvebergreat.exe has been discovered within the following program.

veberGreat by Yontoo Technology, Inc.

The veberGreat adware program injects advertisements with its affiliate ad providers in order to serve a number of ad types including banner, inline text links and popups.

vebergreat.net/support

81% remove it

Remove utilvebergreat.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.