home

netcrawl.purbrowse64.exe

NetCrawl

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The application netcrawl.purbrowse64.exe by NetCrawl has been detected as adware by 18 anti-malware scanners. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
NetCrawl  (signed and verified)

MD5:
77ce74aaeb142b6f9e22bc12c2595635

SHA-1:
b0f6b3547a771a7f6c979d180564e682721d00d3

SHA-256:
58a9e4ac03374d666f82f7db4aa21e107bac3843e8dd3bb396994b74955b8084

Scanner detections:
18 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
4/25/2024 12:19:36 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.SwiftBrowse.AQ
919

Agnitum Outpost
Riskware.Agent
7.1.1

AhnLab V3 Security
Adware/Win64.Browsefox
2014.07.31

AVG
Adware BrowseFox.A
2015.0.3397

Baidu Antivirus
Adware.Win64.BrowseFox
4.0.3.14731

Bitdefender
Adware.SwiftBrowse.AQ
1.0.20.1060

Dr.Web
Trojan.BPlug.100
9.0.1.0212

Emsisoft Anti-Malware
Adware.SwiftBrowse.AQ
8.14.07.31.06

ESET NOD32
Win64/BrowseFox.A potentially unwanted application
8.7.0.302.0

F-Secure
Adware.SwiftBrowse.AQ
11.2014-31-07_5

G Data
Adware.SwiftBrowse.AQ
14.7.24

herdProtect (fuzzy)
variant of infotrigger2.purbrowse64.exe (Adware)
2014.9.10.14

IKARUS anti.virus
PUA.BrowseFox
t3scan.1.6.1.0

McAfee
Artemis!77CE74AAEB14
5600.7053

MicroWorld eScan
Adware.SwiftBrowse.AQ
15.0.0.636

nProtect
Adware.SwiftBrowse.AQ
14.07.30.01

Reason Heuristics
Adware.Yontoo.NetCrawl.T
14.7.31.5

VIPRE Antivirus
Threat.4150696
31208

File size:
280.3 KB (287,008 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\Program Files\netcrawl\bin\netcrawl.purbrowse64.exe

Digital Signature
Signed by:
NetCrawl

Authority:
VeriSign, Inc.

Valid from:
4/29/2014 2:00:00 AM

Valid to:
4/30/2015 1:59:59 AM

Subject:
CN=NetCrawl, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=NetCrawl, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3C05F8D25EB72CD5B6EB863AA0585F70

File PE Metadata
Compilation timestamp:
7/3/2014 9:12:54 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
10.0

CTPH (ssdeep):
6144:HoZk/KUcMPY18Ou41b4pPyK4j/TTl0yhv3Q7YTTBdZg1ga3NUh:HYk/KUgluPPCxXo7YTTfZs36h

Entry address:
0x201A0

Entry point:
48, 83, EC, 28, E8, 53, 77, 00, 00, 48, 83, C4, 28, E9, 76, FE, FF, FF, CC, CC, 48, 89, 5C, 24, 10, 48, 89, 7C, 24, 18, 55, 48, 8B, EC, 48, 83, EC, 60, 48, 8B, FA, 48, 8B, D9, 48, 8D, 4D, C0, 48, 8D, 15, E9, 04, 01, 00, 41, B8, 40, 00, 00, 00, E8, 8E, E4, FF, FF, 48, 8D, 55, 10, 48, 8B, CF, 48, 89, 5D, E8, 48, 89, 7D, F0, E8, 0E, 99, 00, 00, 4C, 8B, D8, 48, 89, 45, 10, 48, 89, 45, F8, 48, 85, FF, 74, 1B, F6, 07, 08, B9, 00, 40, 99, 01, 74, 05, 89, 4D, E0, EB, 0C, 8B, 45, E0, 4D, 85, DB, 0F, 44, C1, 89, 45...
 
[+]

Entropy:
6.3019

Code size:
185 KB (189,440 bytes)

Remove netcrawl.purbrowse64.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.