Reason Labs

plugin.exe

General Buddy

The application plugin.exe by General Buddy has been detected as Adware.Yontoo.Plugin.
Publisher:
General Buddy  (signed and verified)

Version:
1.0.6284.10080

MD5:
e3f5ea801fba24975d41c3e375c96e9a

SHA-1:
6d1aefc4b5cb04720087395a90fc6fcabe495414

SHA-256:
5a0f64f9320eb2977a626fd7d72239304184b2f23315464e62c98c7242cec65e

Detection:
Adware.Yontoo.Plugin

Risk:
Medium

Explanation:
Part of the Yontoo adware component, a web browser plugin that injects unwanted ads, coupon offers and popups in the browser.

Analysis date:
10/21/2018 12:48:49 AM UTC

File size:
608.2 KB (622,816 bytes)

Product version:
1.0.6284.10080

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\2a617352-d396-46a3-a71b-5d89535356cf\plugins\7\plugin.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
6/1/2016 1:00:00 AM

Valid to:
6/2/2017 12:59:59 AM

Subject:
CN=General Buddy, O=General Buddy, L=Los Angeles, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
512E11D3288F6999A9E648674EC86545

File PE Metadata
Compilation timestamp:
3/16/2017 1:36:17 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0xC7BC6


Characteristics:
0x258

Code size:
493 KB (504,832 bytes)

There are numerous known code variations that share the same compilation structure.
