» krabwebbho.dll
Overview
Analysis
File Details
Behaviors (1)
Programs (2)
Downloads (1)

krabwebbho.dll

Krab Web

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The module krabwebbho.dll by Krab Web has been detected as adware by 12 anti-malware scanners. It is installed within the context of Internet Explore as a BHO (Browser Helper Object) under the name ‘Krab Web’. This file is typically installed with the program Krab Web by Yontoo Technology, Inc. which is a potentially unwanted software program. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.

File name:

krabwebbho.dll

Publisher:

Krab Web (signed and verified)

Product:

Krab Web

Version:

1.0.0.3

MD5:

bdbeb56abd28e1ab8df2ee69279edaf7

SHA-1:

d4f5ea40df525980fd70beae8847e15ea1c66f33

SHA-256:

9a2df30816dd6e6a7bb359b8267ce8812840f509de01a5d92a2e3af5d167848b

Scanner detections:

12 / 68

Status:

Adware

Explanation:

Injects advertising in the web browser in various formats.

Analysis date:

1/14/2025 9:13:26 AM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

APPL/BrowseFox.Gen2

7.11.170.170

AVG

Adware BrowseFox.F

2014.0.4025

Baidu Antivirus

Adware.Win32.BrowseFox

4.0.3.14927

Comodo Security

Application.Win32.BrowseFox.JM

19408

Dr.Web

Trojan.BPlug.144

9.0.1.05190

ESET NOD32

Win32/BrowseFox.O potentially unwanted application

7.0.302.0

herdProtect (fuzzy)

variant of krabweb.dll (Adware)

2014.12.9.5

IKARUS anti.virus

AdWare.BrowseFox

t3scan.1.7.5.0

Malwarebytes

PUP.Optional.KrabWeb.A

v2014.09.27.02

NANO AntiVirus

Trojan.Win32.BPlug.dfogbn

0.28.2.62286

Reason Heuristics

Adware.Yontoo.BHO.K

14.9.27.14

VIPRE Antivirus

Threat.4741131

32938

File size:

244.3 KB (250,144 bytes)

Product version:

1.0.0.3

Original file name:

Krab WebIEClient.dll

File type:

Dynamic link library (Win32 DLL)

Language:

English (United States)

Common path:

C:\Program Files\krab web\krabwebbho.dll

Digital Signature

Signed by:

Krab Web

Authority:

DigiCert Inc

Valid from:

6/8/2014 7:00:00 PM

Valid to:

6/17/2015 7:00:00 AM

Subject:

CN=Krab Web, O=Krab Web, L=Santa Monica, S=California, C=US

Issuer:

CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:

0572744C4944FF55FB05A9A82A78D271

File PE Metadata

Compilation timestamp:

9/26/2014 3:51:20 PM

OS version:

6.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

3072:rRxoOBfVfdiKQkpiUFjIlige9eAxjN+/IaIQCBLsfau:r5BfVfRQSiQeGYIlBsfau

Entry address:

0x12854

Entry point:

55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 41, 8D, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, 70, 30, 03, 10, E8, BD, 01, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 04, 78, 03, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, FC, A4, 02, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4... 
[+]

Entropy:

6.3571

Developed / compiled with:

Microsoft Visual C++

Code size:

159 KB (162,816 bytes)

Internet Explorer BHO

Display name:

Krab Web

CLSID:

{feadf62f-aec2-46a1-a087-40149f311df9}

The file krabwebbho.dll has been discovered within the following programs.

Buzzdock by Alactro LLC

This is a web browser extension that injects advertising. From the EULA: "Buzzdock is free to download and use. Buzzdock is supported by advertising, and users will see additional ads on websites where Buzzdock features operate.

www.buzzdock.com/faq-support

79% remove it

Krab Web by Yontoo Technology, Inc.

Krab Web is an advertising supported browser extension also known as adware and is designed to deliver ads to the user's Internet browser as banners, context text-links and transitionals ads. The injected ads are not affiliated with the underlying website on which they appear.

krabweb.net/support

81% remove it

The file krabwebbho.dll has been seen being distributed by the following URL.

http://install-cdn.krabweb.net/bed?bet=3

Remove krabwebbho.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.