wstlibg.sys
outobox
Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The file wstlibg.sys by outobox has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a Windows 64-bit kernel mode device driver named “wStLibG”.
Publisher:
StdLib (signed by outobox)
Version:
1.4.3.1 built by: WinDDK
MD5:
7d5b493cb307c227dd3d49b30b9cf452
SHA-1:
788d930181d0b108721aa217e054adc47a31cefe
SHA-256:
a3fea5600e67fc1d7deb454dbccbcf3673993af355ecae699892891ca97542d1
Scanner detections:
1 / 68
Explanation:
Belongs to the Sambreel/Yontoo progam that inserts various forms of advertising in the user's web browser, installed with minimal or no user consent.
Analysis date:
4/25/2024 6:38:50 PM UTC (today)
Scan engine
Detection
Engine version
Reason Heuristics
PUP.outobox.K
14.8.7.20
File size:
51.7 KB (52,920 bytes)
Copyright:
Copyright © 2013 StdLib
Original file name:
StdLib.sys
File type:
Driver (Win64 SYS)
Language:
English (United States)
Common path:
C:\Windows\System32\drivers\wstlibg.sys
Valid from:
10/7/2013 2:00:00 AM
Valid to:
10/8/2014 1:59:59 AM
Subject:
CN=outobox, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=outobox, L=San Diego, S=California, C=US
Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Serial number:
603472DEF1C8B65B2E93E06C16768DB7
CTPH (ssdeep):
768:jIsHpnKHCBSqUPJHKQpkJxpKwT2bcWiJmOtX3g2rp3lnP4mY:csHRKHLJqQpkYwTsiTtXxtAmY
Driver
Type:
Kernel device driver (KernelDriver)