YontooIEClient.dll

Yontoo Layers Runtime

Yontoo LLC

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The module YontooIEClient.dll by Yontoo has been detected as adware by 11 anti-malware scanners. It is installed within the context of Internet Explorer as a BHO (Browser Helper Object) under the name ‘Yontoo Layers’. This file is typically installed with the program Yontoo Layers Runtime 1.10.01 by Yontoo Technology, Inc., which is a potentially unwanted software program.
Publisher:
Yontoo LLC  (signed and verified)

Product:
Yontoo Layers Runtime

Version:
1.10.01

MD5:
07f3168f831b6ceff9fa007f9e07bbb5

SHA-1:
83a658c6b059570bd2ff48ed0379700f27ce47d5

SHA-256:
509cda1a92c06631e66cf8df091166a9a55368dd0a65c7e5b46128f27925219c

Scanner detections:
11 / 68

Status:
Adware

Explanation:
Belongs to the Sambreel/Yontoo program that inserts various forms of advertising in the user's web browser, installed with minimal or no user consent.

Analysis date:
4/24/2024 7:18:47 PM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Baidu Antivirus | AdWare.Win32.Yontoo | 4.0.3.14227 |
| Bkav FE | HW32.Laneul | 1.3.0.4246 |
| Boost by Reason | Optional.BHO.Yontoo.O | 188838 |
| Comodo Security | Application.Win32.Yontoo.a | 17312 |
| Dr.Web | Adware.Siggen.24249 | 9.0.1.058 |
| Emsisoft Anti-Malware | Adware.Win32.Yontoo.AMN | 8.14.02.27.12 |
| ESET NOD32 | Win32/Adware.Yontoo (variant) | 8.9079 |
| Malwarebytes | Adware.Yontoo | v2014.02.27.12 |
| Reason Heuristics | PUP.BHO.Yontoo.O | 14.8.7.17 |
| Trend Micro House Call | TROJ_GEN.RC1H1KN | 7.2.58 |
| VIPRE Antivirus | Yontoo | 21562 |

File size:
769.3 KB (787,744 bytes)

Product version:
1.10.01

Copyright:
Copyright (c) 2011 Yontoo LLC. All rights reserved.

Original file name:
YontooIEClient.dll

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\yontoo layers runtime\yontooieclient.dll

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
5/9/2011 10:10:37 PM

Valid to:
5/9/2012 10:10:37 PM

Subject:
CN=Yontoo LLC, O=Yontoo LLC, L=Carlsbad, S=CA, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
07E1F9EBCCC1AC

File PE Metadata
Compilation timestamp:
6/21/2011 6:35:47 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:gjf54l7BW967yn8VUwZRUPylcjiZ5lYDxvxe0Qv5VxlT:gjf5d67y8VUw/GqZ5ls6LT

Entry address:
0x47B90

Entry point:
E9, 3B, 87, 04, 00, E9, 86, BB, 00, 00, E9, 23, 1E, 03, 00, E9, FC, B8, 04, 00, E9, 97, 98, 00, 00, E9, 22, 4B, 08, 00, E9, CD, 95, 01, 00, E9, 18, 31, 03, 00, E9, 43, FA, 04, 00, E9, BE, B7, 00, 00, E9, 99, 76, 07, 00, E9, D4, 08, 03, 00, E9, 2F, FB, 02, 00, E9, FA, C7, 03, 00, E9, 35, 4B, 01, 00, E9, F0, 4F, 00, 00, E9, EB, 88, 02, 00, E9, 36, 52, 05, 00, E9, A1, C9, 06, 00, E9, 6C, 48, 04, 00, E9, 17, DD, 03, 00, E9, A2, 79, 08, 00, E9, DD, FE, 00, 00, E9, 08, 9E, 03, 00, E9, C3, 95, 02, 00, E9, 4E, 1C...
 

Entropy:
5.6635

Developed / compiled with:
Microsoft Visual C++ 8.0 (Debug)

Code size:
582.5 KB (596,480 bytes)

Internet Explorer BHO
Display name:
Yontoo Layers

CLSID:
{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}


The file YontooIEClient.dll has been discovered within the following program.

Yontoo Layers Runtime 1.10.01  by Yontoo Technology, Inc.
Yontoo Layers Runtime is a web browser toolbar and extension that allows users to personalize their web experience when utilizing Internet Explorer, Mozilla Firefox, and Chrome.
www.yontoo.com
84% remove it
 