» utilviewplay.exe
Overview
Analysis
File Details
Programs (1)

utilviewplay.exe

ViewPlay

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The application utilviewplay.exe by ViewPlay has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program ViewPlay by Yontoo Technology, Inc. which is a potentially unwanted software program.

File name:

utilviewplay.exe

Publisher:

ViewPlay (signed and verified)

Version:

1.0.5395.10578

MD5:

df011afdfc5a9d8860078bef576769d7

SHA-1:

a6b7a64949f1d86c4a07195a9c58db0f19b2d391

SHA-256:

7f6f83aac33130cb6a18e925e1865be2762e253f884813799d9ef1e020f5afbf

Scanner detections:

1 / 68

Status:

Adware

Explanation:

Belongs to the Sambreel/Yontoo progam that inserts various forms of advertising in the user's web browser, installed with minimal or no user consent.

Analysis date:

4/20/2024 2:35:03 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Yontoo (M)

17.3.1.8

File size:

510.3 KB (522,520 bytes)

Product version:

1.0.5395.10578

Original file name:

ViewPlay.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\Program Files\viewplay\bin\utilviewplay.exe

Digital Signature

Signed by:

ViewPlay

Authority:

VeriSign, Inc.

Valid from:

11/26/2013 6:00:00 PM

Valid to:

11/27/2014 5:59:59 PM

Subject:

CN=ViewPlay, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=ViewPlay, L=San Diego, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

0F9F45EC13C318E3C0F42DA156EA0A92

File PE Metadata

Compilation timestamp:

10/9/2014 8:52:41 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

6.0

.NET CLR dependent:

Yes

Entry address:

0x7F3BA

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 00, 00, 5B, 00, 00, 00, FC, F3, 07, 00, FC, D5, 07, 00, 52, 53, 44, 53, C5, D7, 13, 9E, 3B, 48, 8A, 40, B1, CF, 21, D4, 0D, E4, B1, E7, 01, 00, 00, 00, 44, 3A, 5C, 55, 74, 69, 6C, 69, 74, 69, 65, 73, 5C, 73, 74, 78, 78, 78, 32, 79, 6F, 2E, 6F, 77, 6E, 5C, 44, 65, 73, 6B, 74, 6F, 70, 5C, 44, 65, 73, 6B... 
[+]

Entropy:

5.9088

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

501.5 KB (513,536 bytes)

The file utilviewplay.exe has been discovered within the following program.

ViewPlay by Yontoo Technology, Inc.

This adware program injects advertisements with its affiliate ad providers in order to serve a number of ad types including banner, inline text links and popups.

viewplay.net/support

81% remove it

Remove utilviewplay.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.