home

XavenBrowserFilter.exe

Xaven

Installed as part of the Yontoo Xaven branded web browser extension, the BrowserFilter component is responsible for injecting advertising in the browser based on the context of the HTML being rendered. Ads are injected in the browser in the form of inline text, coupons, multi-site searching and additional offers. The application XavenBrowserFilter.exe by Xaven has been detected as adware by 9 anti-malware scanners. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
Xaven  (signed and verified)

Version:
0.0.0.0

MD5:
e851c534ed4ea0bcd118ba39508f36c8

SHA-1:
1f2c7b4b891648376c6fa8a8d668ccd9355a1b91

SHA-256:
315993107a760d222db5d080c458de3f3c32ee84ed1193b7562970048f77e037

Scanner detections:
9 / 68

Status:
Adware

Explanation:
Part of the Yontoo ad injection web browser add-on.

Analysis date:
4/26/2024 4:57:02 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
ADWARE/BrowseFox.Gen7
7.11.182.116

AVG
Xaven
2015.0.3305

Comodo Security
ApplicUnwnt
19945

ESET NOD32
MSIL/BrowseFox.B potentially unwanted application
7.0.302.0

F-Prot
W32/A-db42cb3b
v6.4.7.1.166

Malwarebytes
PUP.Optional.Sanbreel.A
v2014.10.30.03

McAfee
BrowseFox-FQX
5600.6961

Reason Heuristics
Adware.Yontoo.Xaven.S
14.10.30.14

VIPRE Antivirus
Threat.4741131
34232

File size:
41.3 KB (42,264 bytes)

Product version:
0.0.0.0

Original file name:
XavenBrowserFilter.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\xaven\bin\xavenbrowserfilter.exe

Digital Signature
Signed by:
Xaven

Authority:
VeriSign, Inc.

Valid from:
10/7/2013 3:00:00 AM

Valid to:
10/8/2014 2:59:59 AM

Subject:
CN=Xaven, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Xaven, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0A5CE2C650CAC6A06298CBDABAEB9E5A

File PE Metadata
Compilation timestamp:
3/5/2014 4:35:37 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:aQjCXFl1jIWPxwJLtZV6bJ0NVYN/f70M:PGXPyWPmJLPGJ0NI/DD

Entry address:
0x9FFE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
32.5 KB (33,280 bytes)

Remove XavenBrowserFilter.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.