RockTurner.FirstRun.exe

FirstRun

Rock Turner

The Yontoo-branded FirstRun executable is distributed as part of a Yontoo product bundle and is designed to install components of this ad-supported (injection) program as well as 'call home' to inform the server that the extension was installed; it may also request additional instructions. The application RockTurner.FirstRun.exe by Rock Turner has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. This file is typically installed with the program Rock Turner by Yontoo Technology, Inc., which is a potentially unwanted software program.
Publisher:
Rock Turner  (signed and verified)

Product:
FirstRun

Version:
1.0.0.0

MD5:
3078903af29e282a751aadd90593357d

SHA-1:
277f06c81773e07676740a56a84e70f2cc5e85e5

SHA-256:
286ba93f1a7292dc46716d0f32b38130f46838a1c5727a30c6dc921c86a45694

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Part of the Yontoo ad injection web browser add-on.

Analysis date:
11/27/2024 12:02:21 AM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.Yontoo (M)

Engine version:
17.3.10.23

File size:
1.1 MB (1,122,592 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2014

Original file name:
RockTurner.FirstRun.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\rock turner\rockturner.firstrun.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
3/13/2014 9:00:00 PM

Valid to:
3/14/2015 8:59:59 PM

Subject:
CN=Rock Turner, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Rock Turner, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
71A33D3A2D147E26FB179221834AF81F

File PE Metadata
Compilation timestamp:
5/30/2014 1:48:29 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

Entry address:
0x111DD2

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 10, 00, 00, 00, 20, 00, 00, 80, 18, 00, 00, 00, 34, 03, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 38, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 50, 00, 00, 00, 5C, 20...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
1.1 MB (1,113,600 bytes)

The file RockTurner.FirstRun.exe has been discovered within the following program.

Rock Turner  by Yontoo Technology, Inc.
This is an adware web browser plugin that injects a number of ad formats into the user's web browser. Ads are delivered as search-related ads, banner and video ads, text links, and some pop-up/pop-under advertisements.
rockturner.biz/support
85% remove it
Powered by Should I Remove It?
