Reason Labs

{11207755-8d7c-48d5-b7f0-2cc889e81a77}.dll

Positive Finds

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The module {11207755-8d7c-48d5-b7f0-2cc889e81a77}.dll by Positive Finds has been detected as Adware.Yontoo. It is also typically executed from the user's temporary directory.
Publisher:
Positive Finds  (signed and verified)

Version:
1.0.5727.17561

MD5:
8f1dcc91d1e0cc1783a239827600e337

SHA-1:
d1820013eddfda232e3c227373cc0d21e20e5e4c

SHA-256:
db182a9e11359c0927ebdab4c6f7712c97a54d16e7d59720d220bc950d5d7442

Detection:
Adware.Yontoo

Risk:
Medium

Explanation:
Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser.

Analysis date:
12/15/2018 10:39:32 PM UTC

File size:
532.8 KB (545,552 bytes)

Product version:
1.0.5727.17561

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{11207755-8d7c-48d5-b7f0-2cc889e81a77}.dll

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
11/5/2014 1:00:00 AM

Valid to:
11/6/2015 12:59:59 AM

Subject:
CN=Positive Finds, O=Positive Finds, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
36C47A2CBAB882A650F1E1B7D4BE3A45

File PE Metadata
Compilation timestamp:
9/6/2015 6:45:33 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x1C8DC

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, A2, 8D, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, 30, 56, 05, 10, E8, 75, 2E, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, CC, EF, 07, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, BC, 65, 04, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...

Developed / compiled with:
Microsoft Visual C++

Characteristics:
0x8450

Code size:
274.5 KB (281,088 bytes)

There are numerous known code variations that share the same compilation structure.

Adware.Yontoo
plugin.dll  1.0.5766.15791  (edd45e3a9fa5bdbf888ae4f1dbdd3dfc647b56f6)

Adware.Yontoo
{9456adc6-1022-46c7-ab3e-ab1e45d2884e}.dll  1.0.5760.13933  (59bd00d716700bab171fcfc72eb3c0b5991a42b0)

Adware.Yontoo
{0ed9863a-b961-4975-8a59-98730f5a5b86}.dll  1.0.5743.10289  (dc2e2d4ed933b217799a3bd9cc33fa9e8be8d5f7)

Adware.Yontoo
{0aa8fbd6-831a-4101-af6e-f90272dd835b}.dll  1.0.5742.8484  (067451e843b0c7b107fb63a89ee2cbc9edb18415)

Adware.Yontoo
{0248c28c-e091-46b2-ad9c-43f769d23c80}.dll  1.0.5741.42682  (657e71a6285aa3cbd466e1704834b157449622dd)

Adware.Yontoo
{0daa6b2a-fba9-4cbe-841b-a5a734c43bbf}.dll  1.0.5741.24685  (92b948037eaaa6117a4d1077f6281ad911fbe14c)

Adware.Yontoo
{23fd8321-42d0-4566-bcc1-6eb5273d7d57}.dll  1.0.5740.13887  (03a29873531141b294941ee79871ac84588c2e80)

Adware.Yontoo
{0928463b-847a-4585-a567-69fb00425f2f}.dll  1.0.5737.35474  (6b0af35524fd8a341cea3bb27f0ebd62fb896bde)

Adware.Yontoo
{f2d7664a-1550-44cd-a2ed-dd520c236be2}.dll  1.0.5734.3054  (2f3190cdab3307e15027ddd38f0be452c8fef1ef)

Adware.Yontoo
{110f9bda-2d33-46ac-ab92-331f3c7436ce}.dll  1.0.5726.15663  (f2b7165e0211f619e39d7bd5cc96b9f2e188e8ee)

Adware.Yontoo
{017e326d-b113-47f9-b2c5-fed644b3b245}.dll  1.0.5721.6624  (18cc8f95680887ed3ab3a61bc6d5d187a39e02d6)

Adware.Yontoo
{0020b69b-ed2b-4632-8fcb-ca785c06070c}.dll  1.0.5718.1325  (6bdb49d2e5d3b57c40a23a3d1301aac02d47e2d4)

Adware.Yontoo
{9eb4b3cf-a1dc-4f87-947a-687588a525ee}.dll  1.0.5705.13876  (091ac25beed8152b09b9a0567e3849fee42b447c)

Adware.Yontoo
{3850331b-d6fc-4dd1-8d9c-c6ee99422744}.dll  1.0.5702.35488  (7b9533c72d91d55e77031674d2f95c5c482fd077)

Adware.Yontoo
{0442a9a6-c91b-454e-98e2-bac47fbe26bf}.dll  1.0.5702.26499  (08358f78334c5d2f8c111cd969584b0f13fac8d8)

Adware.Yontoo.Service
updater.exe  (d6cb693ecfeabf92beb317cf6fec89c192f1fad4)

Adware.Yontoo.Service
plugincontainer.exe  (1afa767a915882e76710cb8717c55796e94995cf)

Adware.Yontoo.BHO
30c85a3d-1d96-4589-b63f-91fb7ef45a41.dll  (8b8292009b480fe07c6d620e633057c173c835fb)

Adware.Yontoo.Installer
setup.exe  (302f5eeb9b0f30c02bfb3476eafa7f487070ed58)

Adware.Yontoo.Installer
setup0116.exe  (947bcfa4b2b0c0efa7447211f3fb2bb06f79943b)

Adware.Yontoo
uninstaller.exe  (e86cc705cd28e2a85859f6eae1fee5f5e64eb29c)

Adware.Yontoo
ca0a46c7-3c2a-4f37-82ea-cd9b22b1bc3d.dll  (0dbcd6adf57430371156467af41b42b737d41a1d)

Adware.Yontoo
plugin.exe  (aa8873babd7f0b8999b0745495dde28fc70b6b2f)

Adware.Yontoo
e54ad0f4-87af-41b8-ba26-95f60c5f74af.dll  (6a805ce86fd0d63448afeae8f728b15db45f5bbf)
