utillinkidoo.exe

LinkiDoo

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads into the browser. The application utillinkidoo.exe by LinkiDoo has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a separate Windows service (within the context of its own process) named “Util LinkiDoo”. Additionally, the file is typically installed by a number of programs, including LinkiDoo by Yontoo Technology, Inc. and Buzzdock by Alactro LLC, both potentially unwanted software.
Publisher:
LinkiDoo  (signed and verified)

Version:
1.0.5317.14173

MD5:
3ebaefbea1f1428265a4790e0c6bb36f

SHA-1:
0333669a715b30f410ae258089f610a4463a6d99

SHA-256:
c9c758b1ec954d2204063460b88e6d6da4ea1e836b6d8a26cfa50d95a89ad6a2

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Belongs to the Sambreel/Yontoo program that inserts various forms of advertising in the user's web browser, installed with minimal or no user consent.

Analysis date:
11/23/2024 3:21:41 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Yontoo (M)

Engine version:
17.1.20.20

File size:
314.3 KB (321,824 bytes)

Product version:
1.0.5317.14173

Original file name:
LinkiDoo.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\linkidoo\bin\utillinkidoo.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
11/13/2013 7:00:00 PM

Valid to:
11/14/2014 6:59:59 PM

Subject:
CN=LinkiDoo, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=LinkiDoo, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
16487AE4D41996362A00032679DAB9D3

File PE Metadata
Compilation timestamp:
7/23/2014 4:52:41 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

Entry address:
0x4E58E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
6.0928

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
305.5 KB (312,832 bytes)

Service
Display name:
Util LinkiDoo

Type:
Win32OwnProcess


The file utillinkidoo.exe has been discovered within the following programs.

Buzzdock by Alactro LLC
This is a web browser extension that injects advertising. From the EULA: "Buzzdock is free to download and use. Buzzdock is supported by advertising, and users will see additional ads on websites where Buzzdock features operate."
www.buzzdock.com/faq-support
79% remove it
LinkiDoo by Yontoo Technology, Inc.
LinkiDoo is an adware extension that plugs into the user's web browser for IE, Chrome and Firefox and will display additional advertisements in search engines such as Bing and Google. It installs itself as a browser extension/toolbar and runs as a background process.
linkidoo.biz/support
84% remove it
 
Powered by Should I Remove It?