Reason Labs

plugin.exe

Fantastic Skill

The application plugin.exe by Fantastic Skill has been detected as Adware.Yontoo.
Publisher:
Fantastic Skill  (signed and verified)

Version:
1.0.6284.2986

MD5:
8278122b537cedfc5688b0d2e1283290

SHA-1:
7de4e0509b200e9ada4f2c7370a7657748f05f6b

SHA-256:
6e998ecccfd36de2a82efe596001bbeff0ba69b15e7c296e2fe8780e3d7e8eb1

Detection:
Adware.Yontoo

Risk:
Medium

Explanation:
Part of the Yontoo adware component, a web browser plugin that injects unwanted ads, coupon offers and popups in the browser.

Analysis date:
10/19/2018 3:14:33 AM UTC  (today)

File size:
2.1 MB (2,231,008 bytes)

Product version:
1.0.6284.2986

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\3929cb63-cbbd-4b9c-8b92-a50fbd04e656\plugins\2\plugin.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
5/23/2016 7:00:00 AM

Valid to:
5/24/2017 6:59:59 AM

Subject:
CN=Fantastic Skill, O=Fantastic Skill, L=Escondido, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
4FA2715DA449C8E61AF3FF94ED17EA3C

File PE Metadata
Compilation timestamp:
3/16/2017 3:41:59 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x1A5F70

Entry point:
E8, 04, 25, 01, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 7F, 0F, B6, 44, 24, 08, 0F, BA, 25, 68, 7A, 62, 00, 01, 73, 0D, 8B, 4C, 24, 0C, 57, 8B, 7C, 24, 08, F3, AA, EB, 5D, 8B, 54, 24, 0C, 81, FA, 80, 00, 00, 00, 7C, 0E, 0F, BA, 25, 68, 07, 62, 00, 01, 0F, 82, FD, 25, 01, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03...
 

Entropy:
6.6343

Characteristics:
0x258

Code size:
1.9 MB (1,968,640 bytes)

There are numerous known code variations that share the same compilation structure.

