krabwebbho.dll

Krab Web

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads into the browser. The module krabwebbho.dll by Krab Web has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is installed within the context of Internet Explorer as a BHO (Browser Helper Object) under the name ‘Krab Web’. Additionally, the file is typically installed by a number of programs, including Krab Web by Yontoo Technology, Inc. and Buzzdock by Alactro LLC, both potentially unwanted software.
Publisher:
Krab Web  (signed and verified)

Product:
Krab Web

Version:
1.0.0.5

MD5:
95461506ca17a84cc6c11fe74bb0334d

SHA-1:
e16c988afbd3107fec326422499bd6a6ead41c46

SHA-256:
d71f963fa1c888229667c94a2155ac281993c627ead3a9d9be0e3f4416b402e9

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Belongs to the Sambreel/Yontoo program, which inserts various forms of advertising into the user's web browser and is installed with minimal or no user consent.

Analysis date:
11/27/2024 2:13:05 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Yontoo (M)

Engine version:
17.3.8.2

File size:
244.2 KB (250,096 bytes)

Product version:
1.0.0.5

Copyright:
(c) Krab Web. All rights reserved.

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\krab web\krabwebbho.dll

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
10/7/2014 2:00:00 AM

Valid to:
10/8/2015 1:59:59 AM

Subject:
CN=Krab Web, O=Krab Web, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7267FFF9DE9B65FB24D2CA9CB6A3E8F9

Registration
CLSID:
{feadf62f-aec2-46a1-a087-40149f311df9}

COM registered:
Yes

File PE Metadata
Compilation timestamp:
12/10/2014 11:36:52 PM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

Entry address:
0x12854

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 41, 8D, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, 70, 30, 03, 10, E8, BD, 01, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 04, 78, 03, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, FC, A4, 02, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
159 KB (162,816 bytes)

Internet Explorer BHO
Display name:
Krab Web

CLSID:
{feadf62f-aec2-46a1-a087-40149f311df9}


The file krabwebbho.dll has been discovered within the following programs.

Buzzdock  by Alactro LLC
This is a web browser extension that injects advertising. From the EULA: "Buzzdock is free to download and use. Buzzdock is supported by advertising, and users will see additional ads on websites where Buzzdock features operate."
www.buzzdock.com/faq-support
79% remove it
Krab Web  by Yontoo Technology, Inc.
Krab Web is an advertising-supported browser extension, also known as adware, designed to deliver ads to the user's Internet browser as banners, context text-links and transitional ads. The injected ads are not affiliated with the underlying website on which they appear.
krabweb.net/support
81% remove it
 