home

WebSpades.FirstRun.exe

FirstRun

WebSpades

The Yontoo branded FirstRun executable is distributed as part of a Yontoo product bundle and is desigend to install components of this ad-supported (injection) program as well as 'call home' to inform the server that the extension was installed and may request additional instructions. The application WebSpades.FirstRun.exe by WebSpades has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
WebSpades  (signed and verified)

Product:
FirstRun

Version:
1.0.0.0

MD5:
fe5483ab48d42a19bee72fc7bc3b593c

SHA-1:
e86ecd308de6399b7e3bd9a7d2933f09bd352372

SHA-256:
0ff847e160192d7c8f6e5a321a01e2ce13c55b12fe31e4c11bb9818a3cff854d

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Part of the Yontoo ad injection web browser add-on.

Analysis date:
11/23/2024 6:20:38 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Adware.Yontoo (M)
17.3.9.18

File size:
1.1 MB (1,122,592 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2014

Original file name:
WebSpades.FirstRun.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\webspades\webspades.firstrun.exe

Digital Signature
Signed by:
WebSpades

Authority:
VeriSign, Inc.

Valid from:
2/4/2014 5:30:00 AM

Valid to:
2/5/2015 5:29:59 AM

Subject:
CN=WebSpades, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=WebSpades, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
67B477151E4851C39D3B7BD0A019E603

File PE Metadata
Compilation timestamp:
4/25/2014 12:03:32 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

Entry address:
0x111D82

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.9256

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
1.1 MB (1,113,600 bytes)

Remove WebSpades.FirstRun.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.