webget.FirstRun.exe

FirstRun

webget

The Yontoo-branded FirstRun executable is distributed as part of a Yontoo product bundle. It is designed to install components of this ad-supported (injection) program and to 'call home' to inform the server that the extension was installed; it may also request additional instructions. The application webget.FirstRun.exe by webget has been detected as adware by 25 anti-malware scanners. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
webget  (signed and verified)

Product:
FirstRun

Version:
1.0.0.0

MD5:
ab15d8ff66384c7eeed45b0d31ae45e7

SHA-1:
55d71dbe69f94e1fbaf358c5111a56a1f287fe44

SHA-256:
5555b3dd59c908a30741599cdb2d70e110717446f8182c963a48537efe141ea3

Scanner detections:
25 / 68

Status:
Adware

Explanation:
Part of the Yontoo ad injection web browser add-on.

Analysis date:
4/25/2024 5:51:11 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Adware.SwiftBrowse.AD | 354 |
| AhnLab V3 Security | Win-PUP/BrowseFox.Gen | 2015.02.02 |
| Avira AntiVirus | APPL/BrowseFox.Gen | 7.11.154.122 |
| avast! | Win32:BrowseFox-F [PUP] | 2014.9-160215 |
| AVG | Webet | 2017.0.2832 |
| Baidu Antivirus | Adware.MSIL.BrowseFox | 4.0.3.16215 |
| Bitdefender | Adware.SwiftBrowse.AD | 1.0.20.230 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Emsisoft Anti-Malware | Adware.SwiftBrowse.AD | 8.16.02.15.02 |
| ESET NOD32 | MSIL/BrowseFox.D potentially unwanted application | 10.7.0.302.0 |
| F-Prot | W32/S-c5a74904 | v6.4.7.1.166 |
| F-Secure | Adware.SwiftBrowse.AD | 11.2016-15-02_2 |
| G Data | Adware.SwiftBrowse.AD | 16.2.24 |
| K7 AntiVirus | Unwanted-Program | 13.193.14828 |
| Kaspersky | not-a-virus:AdWare.Win32.SwiftBrowse | 14.0.0.657 |
| Malwarebytes | | v2016.02.15.02 |
| McAfee | BrowseFox.a | 5600.6488 |
| MicroWorld eScan | Adware.SwiftBrowse.AD | 17.0.0.138 |
| NANO AntiVirus | Trojan.Win32.CCM.cwxrgd | 0.28.0.59608 |
| Norman | Adware.SwiftBrowse.AD | 11.20160215 |
| nProtect | Adware.SwiftBrowse.AD | 15.01.30.01 |
| Reason Heuristics | Adware.Yontoo.webget (M) | 16.2.15.14 |
| Sophos | PUA 'Browse Fox' | 59 |
| Trend Micro House Call | TROJ_GEN.F47V0604 | 7.2.46 |
| VIPRE Antivirus | Yontoo | 30198 |

File size:
1.1 MB (1,122,584 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2014

Original file name:
webget.FirstRun.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\webget\webget.firstrun.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
4/22/2014 7:00:00 AM

Valid to:
4/23/2015 6:59:59 AM

Subject:
CN=webget, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=webget, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2DDF0A91A7D2108F978BEB26D4734BBA

File PE Metadata
Compilation timestamp:
5/21/2014 11:05:49 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:i9Ruycb6tzzjSuas+eXVz1iEbESNppqkPduu/k6z5FZJH1CjeotV:i9syLf20TXVpB4SNpwOdd/k6z39CP

Entry address:
0x111D92

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 10, 00...
 

Entropy:
7.9256

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
1.1 MB (1,113,600 bytes)
