d176f0cf-bb89-4545-9d35-1bb35f546ec0.exe

Smart Applications

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The application d176f0cf-bb89-4545-9d35-1bb35f546ec0.exe by Smart Applications has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Smart Applications  (signed and verified)

MD5:
671319e0290cc1433e69cd022eb0e2d2

SHA-1:
a28441ba12d688422637ef25fb1583336354e439

SHA-256:
3c478b9fc08c00731c3b318fbfd882106bb8b42659ce35ae09a64210268bb92f

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Belongs to the Sambreel/Yontoo program that inserts various forms of advertising in the user's web browser, installed with minimal or no user consent.

Analysis date:
11/27/2024 3:39:28 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Yontoo (M)

Engine version:
16.8.6.18

File size:
32.4 MB (33,963,392 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\windows\temp\d176f0cf-bb89-4545-9d35-1bb35f546ec0.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
11/14/2014 8:00:00 AM

Valid to:
11/15/2015 7:59:59 AM

Subject:
CN=Smart Applications, O=Smart Applications, L=St. James, S=St. James, C=BB

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
4CF1C880A6746C7D0CDCB1393793A057

File PE Metadata
Compilation timestamp:
4/1/2015 11:49:09 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
786432:22pYIvA0d6JvoxSxkohjlpmMGbSKDjdFv4Ab2OEJk:2TI5Lbohjb8b/jzcOC

Entry address:
0x6050

Entropy:
7.9732  (probably packed)

Code size:
60.5 KB (61,952 bytes)
