Zebar.PurBrowseG.dll

Zebar

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The module Zebar.PurBrowseG.dll by Zebar has been detected as adware by 5 anti-malware scanners. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Remove Zebar.PurBrowseG.dll - Powered by Reason Core Security
Publisher:
Zebar  (signed and verified)

Version:
1.0.5273.20246

MD5:
06bc2958fb432919f47a0848ebf1bc30

SHA-1:
968e78c67b3b31b49dd0e05540a0e5f7b6aecfb4

SHA-256:
f220f6c9d9b4c7bc27cd7d001bba5942aef8b1074921608933c21764bf414fae

Scanner detections:
5 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
12/9/2016 12:49:29 PM UTC  (today)

Scan engine
Detection
Engine version

AVG
Zebrar
2015.0.3447

Baidu Antivirus
Adware.MSIL.BrowseFox
4.0.3.14610

ESET NOD32
MSIL/BrowseFox.G potentially unwanted application
7.0.302.0

Malwarebytes
v2014.06.10.06

Reason Heuristics
PUP.Zebar.P
14.6.10.17

Remove Zebar.PurBrowseG.dll - Powered by Reason Core Security
File size:
780.8 KB (799,512 bytes)

Product version:
1.0.5273.20246

Original file name:
Zebar.PurBrowseG.dll

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\zebar\bin\plugins\zebar.purbrowseg.dll

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
3/9/2014 7:00:00 PM

Valid to:
3/10/2015 6:59:59 PM

Subject:
CN=Zebar, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Zebar, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
443A7E0E2025885A74F146162C4BEE38

File PE Metadata
Compilation timestamp:
6/9/2014 7:15:10 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:r9l0LjWGCQdtbPm5R7joMx5iXhvC6Xjfqsaf3yXPAdJh6OkQe/f3HPZXhAIxd1F:f0LEeU5R7udTAf3yyb6vQe33X1

Entry address:
0xC317E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
772.5 KB (791,040 bytes)

Remove Zebar.PurBrowseG.dll - Powered by Reason Core Security