Xaven.IEUpdate.dll

Xaven

This is the Internet Explorer add-on for the Yontoo Xaven-branded web browser plugin, which injects banner, text-link and popup ads. The component is responsible for registering the Browser Helper Object in IE and keeping it registered. The module Xaven.IEUpdate.dll by Xaven has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat.

Publisher:
Xaven  (signed and verified)

Version:
1.0.5197.30468

MD5:
440e222b59d97280a4a83d5d07038598

SHA-1:
705e84b28ba9eb3912d2bd700cbdab53f61ee525

SHA-256:
8ffb6da83fec8d22a7e8809d99c049a0a2ed7dac791e3d714458124c2eef338c

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Part of the Yontoo distributed ad-supported web browser add-on for Internet Explorer.

Analysis date:
4/26/2024 10:43:30 PM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.Yontoo.Xaven (M)

Engine version:
15.10.20.3

File size:
531.8 KB (544,536 bytes)

Product version:
1.0.5197.30468

Original file name:
Xaven.IEUpdate.dll

File type:
Dynamic link library (Win32 DLL)

Language:
Language Neutral

Common path:
C:\Program Files\xaven\bin\plugins\xaven.ieupdate.dll

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
10/6/2013 5:00:00 PM

Valid to:
10/7/2014 4:59:59 PM

Subject:
CN=Xaven, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Xaven, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0A5CE2C650CAC6A06298CBDABAEB9E5A

File PE Metadata
Compilation timestamp:
3/25/2014 10:55:45 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:3wDZis5LGyg4Ci1CLdmWm4rwB0mqXRdNtdHf57FXpSsWEEJ:3wDt56qCLmYwWmw9tdf57FssW

Entry address:
0x84C0A

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
Entropy:
7.8706

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
523.5 KB (536,064 bytes)
