cytiweb.dll

Cyti Web

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads into the browser. The module cytiweb.dll by Cyti Web has been detected as adware by 22 anti-malware scanners. This file is typically installed with the program Cyti Web by Yontoo Technology, Inc., which is a potentially unwanted software program. It plugs into the web browser and displays context-based advertisements by overwriting existing ads or by inserting new ones on various web pages. The file has been seen being downloaded from install-cdn.cytiweb.net.
Publisher:
Cyti Web  (signed and verified)

Product:
Cyti Web

Version:
1.0.0.6

MD5:
22998c613c6b5638636cb451c1465f39

SHA-1:
7527b3d22b71edfcb6570313afda14ef970b5d40

SHA-256:
4deda42b5abb631341f98354c33b4e339b65041458c32f1d4c7f2883fb7f2149

Scanner detections:
22 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
12/26/2024 8:00:42 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Adware.BrowseFox.BF | 6434017
Agnitum Outpost | Riskware.Agent | 7.1.1
AhnLab V3 Security | Adware/Win32.BrowseFox | 2015.01.26
Avira AntiVirus | ADWARE/BrowseFox.Gen2 | 7.11.205.2
AVG | Adware BrowseFox.F | 2014.0.4253
Baidu Antivirus | Adware.Win32.BrowseFox | 4.0.3.15125
Bitdefender | Adware.BrowseFox.BF | 1.0.20.125
Comodo Security | Application.Win32.BrowseFox.JM | 20837
Dr.Web | Trojan.Yontoo.476 | 9.0.1.05190
Emsisoft Anti-Malware | Adware.BrowseFox.BF | 9.0.0.4799
ESET NOD32 | Win32/BrowseFox.O potentially unwanted application | 7.0.302.0
F-Prot | W32/S-7bed2e86 | v6.4.7.1.166
F-Secure | Adware.BrowseFox.BF | 5.13.68
G Data | Adware.BrowseFox.BF | 15.1.24
K7 AntiVirus | Trojan | 13.192.14746
Malwarebytes | PUP.Optional.CytiWeb.A | v2015.01.25.07
MicroWorld eScan | Adware.BrowseFox.BF | 16.0.0.75
NANO AntiVirus | Riskware.Win32.SwiftBrowse.dlbdsd | 0.30.0.64812
nProtect | Adware.BrowseFox.BF | 15.01.23.01
Reason Heuristics | PUP.Yontoo | 15.1.25.6
Vba32 AntiVirus | AdWare.SwiftBrowse | 3.12.26.3
Zillya! Antivirus | Adware.Agent.Win32.29785 | 2.0.0.2045

File size:
244.2 KB (250,096 bytes)

Product version:
1.0.0.6

Copyright:
(c) Cyti Web. All rights reserved.

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\content.ie5\mmo08xn4\cytiweb.dll

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
11/19/2014 3:00:00 AM

Valid to:
11/20/2015 2:59:59 AM

Subject:
CN=Cyti Web, O=Cyti Web, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2EA907673DCE80C1AF3DAA010B4C3CA9

File PE Metadata
Compilation timestamp:
1/25/2015 8:33:36 AM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:xdhoOtoS6lz4NmbXRAIieG5Gif9eAxjN+EIaItXsuW1x7Q:xFtoS6t4kLRAZeG7IBHW1xs

Entry address:
0x12854

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 41, 8D, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, 70, 30, 03, 10, E8, BD, 01, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, C4, 77, 03, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, FC, A4, 02, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...
 

Entropy:
6.3574

Developed / compiled with:
Microsoft Visual C++

Code size:
159 KB (162,816 bytes)

The file cytiweb.dll has been discovered within the following programs.

Cyti Web by Yontoo Technology, Inc.
Cyti Web installs a web browser extension that injects ads within the underlying webpage. It displays several types of advertising, including but not limited to:
- Sponsored links
- Video targeted ads (which are displayed when you view a video)
cytiweb.net/support
82% remove it
 

The file cytiweb.dll has been seen being distributed by the following URL.
