maintainer.bak

EnterDigital

maintainer.bak is part of the Yontoo adware component, a web browser plugin that injects unwanted ads into the browser. The file, published by EnterDigital, has been detected as adware by 29 anti-malware scanners. It plugs into the web browser and displays context-based advertisements, either by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
EnterDigital  (signed and verified)

Version:
1.0.5572.13300

MD5:
fc85c870ad450f284b22f704aa532b74

SHA-1:
d9bd7c946ddee6761469dcd719163b9c441b2b8b

SHA-256:
0cc96d679d34bc1b12b13a65dc01e82c4964e1a4ccc0729c9e0c5dfd57dcc145

Scanner detections:
29 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
5/11/2024 6:58:37 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Adware.SwiftBrowse.CR | 667
Agnitum Outpost | PUA.Agent | 7.1.1
AhnLab V3 Security | PUP/Win32.BrowseFox | 2015.04.05
Avira AntiVirus | ADWARE/BrowseFox.aoj | 3.6.1.96
avast! | Win32:BrowseFox-EU [PUP] | 2014.9-150409
AVG | AdPlugin | 2016.0.3145
Baidu Antivirus | Adware.Win32.BrowseFox | 4.0.3.1549
Bitdefender | Adware.SwiftBrowse.CR | 1.0.20.495
Bkav FE | W32.HfsAdware | 1.3.0.6379
Clam AntiVirus | Win.Adware.Agent-41785 | 0.98/21511
Dr.Web | Trojan.Yontoo.1734 | 9.0.1.099
Emsisoft Anti-Malware | Adware.SwiftBrowse.CR | 8.15.04.09.07
ESET NOD32 | Win32/BrowseFox.V potentially unwanted (variant) | 9.11427
F-Prot | W32/S-11fc74d1 | v6.4.7.1.166
F-Secure | Adware.SwiftBrowse.CR | 11.2015-09-04_5
G Data | Adware.SwiftBrowse.CR | 15.4.25
herdProtect (fuzzy) | | 2015.7.12.5
K7 AntiVirus | Unwanted-Program | 13.202.15487
Kaspersky | not-a-virus:AdWare.Win64.Agent | 14.0.0.2219
Malwarebytes | PUP.Optional.Browsefox | v2015.04.09.07
McAfee | Artemis!FC85C870AD45 | 5600.6801
MicroWorld eScan | Adware.SwiftBrowse.CR | 16.0.0.297
NANO AntiVirus | Trojan.Win32.Yontoo.dpmcsm | 0.30.8.659
nProtect | Adware.SwiftBrowse.CR | 15.04.03.01
Panda Antivirus | Generic Suspicious | 15.04.09.07
Reason Heuristics | PUP.EnterDigital | 15.4.9.3
Sophos | Browse Fox | 4.98
VIPRE Antivirus | Yontoo | 39074
Zillya! Antivirus | Adware.Agent.Win32.52012 | 2.0.0.2127

File size:
125.2 KB (128,240 bytes)

Product version:
1.0.5572.13300

Language:
English (United States)

Common path:
C:\ProgramData\7bb6df21-8ca8-4eec-965d-8cd2261544c7\maintainer.bak

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
9/2/2014 4:00:00 AM

Valid to:
9/3/2015 3:59:59 AM

Subject:
CN=EnterDigital, O=EnterDigital, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1E3B5C4453E4282F35D4B16FE677D245

File PE Metadata
Compilation timestamp:
4/5/2015 9:40:05 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:SD1Ll2ZpujSiZF4gmsym2UG0IHhxDOXdVJR:SBVDFHxKuXfv

Entry address:
0x9872

Entry point:
E8, 75, 62, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A1, 68, C2, 41, 00, 33, C5, 89, 45, FC, 83, 7D, 08, FF, 57, 74, 09, FF, 75, 08, E8, 59, 50, 00, 00, 59, 83, A5, E0, FC, FF, FF, 00, 6A, 4C, 8D, 85, E4, FC, FF, FF, 6A, 00, 50, E8, 7A, F3, FF, FF, 8D, 85, E0, FC, FF, FF, 89, 85, D8, FC, FF, FF, 8D, 85, 30, FD, FF, FF, 83, C4, 0C, 89, 85, DC, FC, FF, FF, 89, 85, E0, FD, FF, FF, 89, 8D, DC, FD, FF, FF, 89, 95, D8, FD, FF, FF, 89, 9D, D4, FD, FF, FF, 89, B5, D0, FD, FF, FF, 89, BD, CC...
 

Entropy:
6.2060

Code size:
72.5 KB (74,240 bytes)
