roundworld.dll

Round World

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The module roundworld.dll by Round World has been detected as adware by 36 anti-malware scanners. This file is typically installed with the program Round World by Yontoo Technology, Inc. which is a potentially unwanted software program. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from install-cdn.myroundworld.com and multiple other hosts.
Publisher:
Round World  (signed and verified)

Product:
Round World

Version:
1.0.0.7

MD5:
d40b3b3296268aa65cc27a37731a7d0c

SHA-1:
20ee808917159d48de1dbfb00014d99208c5bdd2

SHA-256:
a708075545f33a0978174c9e210c4c9a23e246092171090665a18979de928cfd

Scanner detections:
36 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
11/24/2024 1:00:35 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.BrowseFox.CS
484

Agnitum Outpost
Riskware.Agent
7.1.1

AhnLab V3 Security
PUP/Win32.BrowseFox
2015.09.06

Avira AntiVirus
ADWARE/BrowseFox.Gen2
8.3.2.2

Arcabit
Adware.BrowseFox.CS
1.0.0.425

avast!
MSIL:BrowseFox-AF [PUP]
2014.9-151008

AVG
AdPlugin
2016.0.2962

Baidu Antivirus
Adware.Win32.BrowseFox
4.0.3.15108

Bitdefender
Adware.BrowseFox.CS
1.0.20.1405

Bkav FE
W32.HfsAdware
1.3.0.7133

Clam AntiVirus
Win.Adware.Browsefox-1518
0.98/21511

Comodo Security
ApplicUnwnt
23179

Dr.Web
Trojan.Yontoo.1734
9.0.1.0281

Emsisoft Anti-Malware
Adware.BrowseFox.CS
8.15.10.08.05

ESET NOD32
Win32/BrowseFox.AE potentially unwanted (variant)
9.12207

Fortinet FortiGate
Riskware/BrowseFox
10/8/2015

F-Prot
W32/S-f64f6ec1
v6.4.7.1.166

F-Secure
Adware.BrowseFox.CS
11.2015-08-10_5

G Data
Adware.BrowseFox.CS
15.10.25

IKARUS anti.virus
PUA.BrowseFox
t3scan.1.9.5.0

K7 AntiVirus
Trojan
13.2017124

Malwarebytes
PUP.Optional.RoundWorld
v2015.10.08.05

McAfee
Artemis!D40B3B329626
5600.6618

MicroWorld eScan
Adware.BrowseFox.CS
16.0.0.843

NANO AntiVirus
Trojan.Win32.Yontoo.dnkubo
0.30.24.3283

nProtect
Adware.BrowseFox.CS
15.09.04.01

Qihoo 360 Security
HEUR/QVM30.1.Malware.Gen
1.0.0.1015

Quick Heal
PUA.MSJDGBTIR.OD5
10.15.14.00

Reason Heuristics
PUP.Yontoo.RoundWorld (M)
15.10.8.17

Rising Antivirus
PE:Adware.BrowseFox!6.1D8B[F1]
23.00.65.151006

Sophos
Generic PUA CA (PUA)
4.98

Trend Micro House Call
TROJ_GEN.F0C2C00LH14
7.2.281

Trend Micro
TROJ_GEN.R047C0OBP15
10.465.08

Vba32 AntiVirus
AdWare.MSIL.Agent
3.12.26.4

VIPRE Antivirus
Trojan.Win32.Generic
43482

Zillya! Antivirus
Adware.Agent.Win32.59113
2.0.0.2388

File size:
262.7 KB (269,040 bytes)

Product version:
1.0.0.7

Copyright:
(c) Round World. All rights reserved.

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\roundworld.dll

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
1/10/2015 6:00:00 PM

Valid to:
1/11/2016 5:59:59 PM

Subject:
CN=Round World, O=Round World, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1E6F69E3F386155D988683D665483D02

File PE Metadata
Compilation timestamp:
2/16/2015 6:25:47 PM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:vyq7vzkKELk3SVaUs0FHxB+V9l63gY+GzGcEG+ZKTcRKaHdXfcEhGF:vyq7v44SVcYHBth+Z9pkwGF

Entry address:
0xF515

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, EA, 7E, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, C8, 21, 03, 10, E8, 4C, 02, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 4C, 77, 03, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, C4, 93, 02, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...
 
[+]

Entropy:
6.0728

Developed / compiled with:
Microsoft Visual C++

Code size:
159 KB (162,816 bytes)

The file roundworld.dll has been discovered within the following program.

Round World  by Yontoo Technology, Inc.
Round World is an adware program that installs as a web browser plugin to inject and display advertisements.
myroundworld.com/support
81% remove it
 
Powered by Should I Remove It?

The file roundworld.dll has been seen being distributed by the following 2 URLs.

http://install-cdn.myroundworld.com/bed?r=2015021708&bet=3

Remove roundworld.dll - Powered by Reason Core Security