Reason Labs

plugin.exe

The application plugin.exe has been detected as Adware.Yontoo.Plugin.
Version:
1.0.6284.9823

MD5:
229a14074295a1d27101e2103930683e

SHA-1:
77e83e36192f2fb963a0e13fb5183932e9ac6301

SHA-256:
e9907d28a678ab213b52f362d3b32bd363e6456001a31fdc9d3d45199a18b83b

Detection:
Adware.Yontoo.Plugin

Risk:
Medium

Explanation:
Part of the Yontoo adware component, a web browser plugin that injects unwanted ads, coupon offers and popups in the browser.

Analysis date:
12/12/2018 10:53:59 AM UTC

File size:
2.1 MB (2,213,916 bytes)

Product version:
1.0.6284.9823

File type:
Executable application (Win32 EXE)

Common path:
C:\ProgramData\59afa7b8-54e5-4124-8be7-716a905c1142\plugins\2\plugin.exe

File PE Metadata
Compilation timestamp:
3/16/2017 9:30:29 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x59CD90

Entry point:
E8, F4, 24, 01, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 7F, 0F, B6, 44, 24, 08, 0F, BA, 25, 48, 78, 00, 01, 01, 73, 0D, 8B, 4C, 24, 0C, 57, 8B, 7C, 24, 08, F3, AA, EB, 5D, 8B, 54, 24, 0C, 81, FA, 80, 00, 00, 00, 7C, 0E, 0F, BA, 25, 68, 07, 00, 01, 01, 0F, 82, ED, 25, 01, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03...
 

Entropy:
6.6268

Characteristics:
0x258

Code size:
1.9 MB (1,964,032 bytes)

Properties
Command line:
" u

There are numerous known code variations that share the same compilation structure.

