Reason Labs

plugin.exe

Bolt Flow

The application plugin.exe by Bolt Flow has been detected as Adware.Yontoo.
Publisher:
Bolt Flow  (signed and verified)

Version:
1.0.6280.15570

MD5:
5e05975784e6487a4db20617feaa9688

SHA-1:
392012d871846ec0ea002af934eb581d6211abbd

SHA-256:
1179f29bdf982e535f20c0ae27526f632c4f4f01880ff90890c9323a537c7465

Detection:
Adware.Yontoo

Risk:
Medium

Explanation:
Part of the Yontoo adware component, a web browser plugin that injects unwanted ads, coupon offers and popups in the browser.

Analysis date:
10/19/2018 3:43:29 AM UTC

File size:
904.2 KB (925,912 bytes)

Product version:
1.0.6280.15570

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\d64c6aa4-9b30-4b06-8859-0cfa31bd50dc\plugins\3\plugin.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
6/1/2016 3:00:00 AM

Valid to:
6/2/2017 2:59:59 AM

Subject:
CN=Bolt Flow, O=Bolt Flow, L=Los Angeles, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1F134570B6097694E14C4D622AC44B2E

File PE Metadata
Compilation timestamp:
3/12/2017 5:40:04 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

Entry address:
0x77217

Entry point:
E8, 9F, 06, 00, 00, E9, 80, FE, FF, FF, FF, 25, 04, 94, 4B, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, 51, 8D, 4C, 24, 08, 2B, C8, 83, E1, 0F, 03, C1, 1B, C9, 0B, C1, 59, E9, DA, 07, 00, 00, 51, 8D, 4C, 24, 08, 2B, C8, 83, E1, 07, 03, C1, 1B, C9, 0B, C1, 59, E9, C4, 07, 00, 00, 8B, 4D, F4, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, F2, C3, 8B, 4D, F0, 33, CD, F2, E8, C7, F4, FF, FF, F2, E9, DA, FF, FF, FF, 8B, 4D, EC, 33, CD, F2, E8, B6, F4, FF, FF, F2, E9, C9, FF, FF, FF, 50, 64, FF, 35...

Characteristics:
0x258

Code size:
735 KB (752,640 bytes)

There are numerous known code variations that share the same compilation structure.

