browsestudio.dll

BrowseStudio

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The module browsestudio.dll by BrowseStudio has been detected as adware by 12 anti-malware scanners. It is installed within the context of Internet Explorer as a BHO (Browser Helper Object) under the name ‘BrowseStudio’. It plugs into the web browser and displays context-based advertisements by overwriting existing ads or by inserting new ones on various web pages. It is also typically executed from an Internet Explorer cache folder. The file has been seen downloaded from install-cdn.browsestudio.com.
Publisher:
BrowseStudio  (signed and verified)

Product:
BrowseStudio

Version:
1.0.0.3

MD5:
21f5e666ea62c1a6ae545b964a677b90

SHA-1:
52387cfc2b7ed8da229e684d3d94dc14c1a3bce5

SHA-256:
989750834d1c71f99075dac894865aa8f517ce49900d06fe7f92ed6f5118470c

Scanner detections:
12 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
11/24/2024 10:36:32 PM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | ADWARE/BrowseFox.Gen2 | 7.11.186.88
AVG | BrowseFox.F | 2015.0.3289
Baidu Antivirus | Adware.Win32.BrowseFox | 4.0.3.141116
Comodo Security | Application.Win32.BrowseFox.JM | 20095
Dr.Web | Trojan.BPlug.167 | 9.0.1.0320
ESET NOD32 | Win32/BrowseFox (variant) | 8.10730
Fortinet FortiGate | Riskware/BrowseFox | 11/16/2014
Malwarebytes | PUP.Optional.BrowseStudio.A | v2014.11.16.07
McAfee | BrowseFox-FRR | 5600.6945
NANO AntiVirus | Trojan.Win32.BPlug.dfohwl | 0.28.6.63362
Reason Heuristics | PUP.BrowseStudio.M | 14.11.21.23
Trend Micro House Call | Suspicious_GEN.F47V1115 | 7.2.320

File size:
244.7 KB (250,608 bytes)

Product version:
1.0.0.3

Copyright:
(c) BrowseStudio. All rights reserved.

Original file name:
BrowseStudioIEClient.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\browsestudio.dll

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
9/2/2014 1:00:00 AM

Valid to:
9/3/2015 12:59:59 AM

Subject:
CN=BrowseStudio, O=BrowseStudio, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
11AE532A33120159E1078A0D3EDE88C9

Registration
CLSID:
{1e9e0e98-4ab7-40b0-a0ce-69105c1b7c92}

COM registered:
Yes

File PE Metadata
Compilation timestamp:
11/15/2014 6:22:53 AM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:qn6oqa7ZcJ83Z2qJC0SzN+3aR4id15+s+xIaIEY9RaL8:qOa7Zce3BCR/wxIXTaL8

Entry address:
0x12854

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 41, 8D, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, 90, 30, 03, 10, E8, BD, 01, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 44, 78, 03, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, 1C, A5, 02, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
159 KB (162,816 bytes)

Internet Explorer BHO
Display name:
BrowseStudio

CLSID:
{1e9e0e98-4ab7-40b0-a0ce-69105c1b7c92}


The file browsestudio.dll has been seen being distributed by the following URL.
