Girafarri

Publisher Information

Girafarri is a brand of the Sambreel/Yontoo group, a web advertising company located in Carlsbad, CA. The company is a primary distributor of unwanted software. It is part of the Yontoo/Sambreel group and distributes web browser add-ons, typically potentially unwanted and adware in nature, that are designed to modify a user's typical search beahvior as well as display context and popup advertising.
Authority:
VeriSign, Inc.

Valid from:
4/21/2014 9:00:00 PM

Valid to:
4/22/2015 8:59:59 PM

Subject:
CN=Girafarri, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Girafarri, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2fb197284297d52000599aa2f7d0668f

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Yontoo (M), Adware.Yontoo (M)
100.00%

1 / 68      (Adware)
appmgr.bak  (fd34761dc27de0c32a7c449e09e04fbe)

1 / 68      (Adware)
cytiweb.purbrowseg.dll  (4928f36174ad609b3330c4475425b31a)

1 / 68      (Adware)
cytiweb.purbrowse.exe  (a356030d0840d4662ce527b0adc0fe5c)

1 / 68      (Adware)
cytiweb.purbrowse64.exe  (f34d9c3efaf15b7d80a9078abb61c113)

1 / 68      (Adware)
cytiweb.browseradapter64.exe  (0766e019e1cbd4d3a2cfa1c71e4153f8)

1 / 68      (Adware)
cytiweb.browseradapter.exe  (eef76f491a2447f3cc44cd183b89267b)

1 / 68      (Adware)
cytiweb.purbrowseg.dll  (ec9faaa58ce415e5893e00ef95b3da90)

1 / 68      (Adware)
cytiweb.purbrowse64.exe  (9ecaeb8a4ab2a7841371586283740b4a)

1 / 68      (Adware)
cytiweb.purbrowse.exe  (3dbfbe3bb22490034107b01977c0d56b)

1 / 68      (Adware)
cytiwebuninstall.exe  (d40291c4e585a5526306afa7fc4fa8ef)

1 / 68      (Adware)
cytiweb.purbrowse.exe.tmp  (a5956871c1cbe9eca3e742c873343be4)

1 / 68      (Adware)
{09c3ffd6-f1a3-4fde-86e1-d448e8559c21}gt.sys (StdLib)  (5daa787b1fd6e9e15d76dbaed9152813)

1 / 68      (Adware)
cytiweb.mg.exe  (fe12057931c75ae15895db30fd4c7eb5)

1 / 68      (Adware)
trzc8cb.tmp  (59152f669a33fac7a4f5642727d2bb19)

1 / 68      (Adware)
trz6ee8.tmp  (10f492e7db2b74c25be0ea87e9ab4af2)

1 / 68      (Adware)
trz5c43.tmp  (4042b068fe0e306c192a97b0c75a826c)

1 / 68      (Adware)
{34789ec0-129d-4a2d-b089-9977cdae65db}t.sys (StdLib)  (de10d7a82f036dcbd91851ceceded2e1)

1 / 68      (Adware)

1 / 68      (Adware)
trzadef.tmp  (ab21929cd355f856a30316c36edcfb3c)

1 / 68      (Adware)
trz4742.tmp  (00c7e6591ef4c7d2f9c91627ed361a32)

1 / 68      (Adware)
cytiweb.purbrowseg.dll  (2a98de85aaef5cb626d16e00b8aec425)

1 / 68      (Adware)
cytiweb.expext.dll  (80def27f857f6e6745e5544e496b488e)

1 / 68      (Adware)
cytiweb.browseradapter64.exe  (204b4e26c91c224c7d10022d702b8ddd)

1 / 68      (Adware)
cytiweb.browseradapter.exe  (a63cfc6c78d0f2375a80c9dcb270972d)

1 / 68      (Adware)

1 / 68      (Adware)

1 / 68      (Adware)
09c3ffd6f1a34fde86e1.dll  (d355314841a8866e0ad8f58bd908f476)

1 / 68      (Adware)
cytiweb.purbrowse64.exe  (68592297ac6139f0b151c04067ab27ec)

1 / 68      (Adware)
{09c3ffd6-f1a3-4fde-86e1-d448e8559c21}gt.sys (StdLib)  (946ae5529b1cd0f4323117a10210da38)

1 / 68      (Adware)
{09c3ffd6-f1a3-4fde-86e1-d448e8559c21}t.sys (StdLib)  (b378dd51931952e17013baf2ba8d0b9b)

 
Latest 30 of 4,535 files

The following publishers (by Authenticode signature organization name) are related.

30 of 158 publishers

* Note, the details and description above are based on the code signing digital signature issued to Girafarri by VeriSign, Inc. on April 21, 2014 with the serial number '2fb197284297d52000599aa2f7d0668f'.