ScanTack.FirstRun.exe

FirstRun

Scan Tack

The Yontoo branded FirstRun executable is distributed as part of a Yontoo product bundle and is desigend to install components of this ad-supported (injection) program as well as 'call home' to inform the server that the extension was installed and may request additional instructions. The application ScanTack.FirstRun.exe by Scan Tack has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Scan Tack  (signed and verified)

Product:
FirstRun

Version:
1.0.0.0

MD5:
a1c9ee40345c1975ecdde3c06a0acd70

SHA-1:
45ff6366b874d0e50d8ff117077204b4d485718f

SHA-256:
caf11146c8b8efb7fcbcc1795c5a9c19c15b712afd5770e8e4c9edff4728b64c

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Part of the Yontoo ad injection web browser add-on.

Analysis date:
11/27/2024 12:05:58 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Adware.Yontoo (M)
17.3.7.21

File size:
1.1 MB (1,122,592 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2014

Original file name:
ScanTack.FirstRun.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\scantack\scantack.firstrun.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
1/21/2014 6:00:00 PM

Valid to:
1/22/2015 5:59:59 PM

Subject:
CN=Scan Tack, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Scan Tack, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
44D91A3142283CE62B23F23C84838B0D

File PE Metadata
Compilation timestamp:
4/28/2014 1:34:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

Entry address:
0x111D92

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 10, 00...
 
[+]

Entropy:
7.9259

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
1.1 MB (1,113,600 bytes)

Remove ScanTack.FirstRun.exe - Powered by Reason Core Security