greenerweb.browseradapter.exe

Greener Web

This file is part of the Yontoo adware component, a web browser plugin that injects unwanted ads into the browser. The application greenerweb.browseradapter.exe by Greener Web has been detected as adware by 14 anti-malware scanners. It plugs into the web browser and displays context-based advertisements by overwriting existing ads or by inserting new ones on various web pages. While running, it connects to the Internet address c915d728.virtua.com.br on port 80 using the HTTP protocol.
Publisher:
Greener Web  (signed and verified)

MD5:
e40fc13cb2e48dcbf2ca057238d839ce

SHA-1:
99e0749a025da8f1aeba940b17e461c2a479394a

SHA-256:
8ed5a546b74cb76b202e144100dda2c192d746b6c42fc2beaef2780facfee4ac

Scanner detections:
14 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
12/26/2024 6:23:46 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Adware.SwiftBrowse.1 | 966
AVG | Adware Generic_r.KF | 2014.0.3955
Baidu Antivirus | Adware.Win32.BrowseFox | 4.0.3.14613
Bitdefender | Gen:Variant.Adware.SwiftBrowse.1 | 1.0.20.820
Dr.Web | Trojan.BPlug.48 | 9.0.1.05190
Emsisoft Anti-Malware | Gen:Variant.Adware.SwiftBrowse | 8.14.06.13.10
ESET NOD32 | Win32/BrowseFox.I potentially unwanted application | 7.0.302.0
F-Secure | Gen:Variant.Adware.SwiftBrowse.1 | 11.2014-13-06_6
G Data | Gen:Variant.Adware.SwiftBrowse | 14.6.24
IKARUS anti.virus | AdWare.SwiftBrowse | t3scan.1.6.1.0
MicroWorld eScan | Gen:Variant.Adware.SwiftBrowse.1 | 15.0.0.492
Reason Heuristics | PUP.GreenerWeb.Y | 14.6.13.22
SUPERAntiSpyware | Adware.BrowseFox/Variant | 10545
Zillya! Antivirus | Adware.SwiftBrowse.Win32.3 | 2.0.0.1823

File size:
94.3 KB (96,544 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\greener web\bin\greenerweb.browseradapter.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
4/21/2014 9:00:00 PM

Valid to:
4/22/2015 8:59:59 PM

Subject:
CN=Greener Web, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Greener Web, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5AE1591EB6D76718ADCE211DFB4D195B

File PE Metadata
Compilation timestamp:
6/13/2014 8:09:25 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
1536:I2wSnW7yNee8DtbDB2zndKfAIklDnkBIXuTD8PM:IIW7yUeql2BhdqIXuTDJ

Entry address:
0x30E5

Entry point:
E8, 85, 20, 00, 00, E9, 89, FE, FF, FF, 3B, 0D, 70, 40, 41, 00, 75, 02, F3, C3, E9, 0C, 21, 00, 00, 8B, FF, 55, 8B, EC, 5D, E9, 07, 22, 00, 00, 8B, FF, 55, 8B, EC, 83, EC, 10, EB, 0D, FF, 75, 08, E8, 3E, 22, 00, 00, 59, 85, C0, 74, 0F, FF, 75, 08, E8, C5, 07, 00, 00, 59, 85, C0, 74, E6, C9, C3, F6, 05, 78, 53, 41, 00, 01, BF, 6C, 53, 41, 00, BE, 10, 02, 41, 00, 75, 2C, 83, 0D, 78, 53, 41, 00, 01, 6A, 01, 8D, 45, FC, 50, 8B, CF, C7, 45, FC, 18, 02, 41, 00, E8, 2C, 00, 00, 00, 68, 5E, FC, 40, 00, 89, 35, 6C...
 

Code size:
59.5 KB (60,928 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to c915d728.virtua.com.br  (201.21.215.40:80)

TCP (HTTP):
Connects to a184-29-106-137.deploy.static.akamaitechnologies.com  (184.29.106.137:80)
