» wildwest.dll
Overview
Analysis
File Details

wildwest.dll

Wild West

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The module wildwest.dll by Wild West has been detected as adware by 23 anti-malware scanners. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.

File name:

wildwest.dll

Publisher:

Wild West (signed and verified)

Product:

Wild West

Version:

1.0.0.7

MD5:

3ef9508f3295b4b890ad2f56d77d7dbe

SHA-1:

7784156601baa16e2879a543c1082ead9945c2ed

SHA-256:

6a3971904d5123e330b8631ec332ed71ad2266619997dbcf1295dcee6b0bbc92

Scanner detections:

23 / 68

Status:

Adware

Explanation:

Injects advertising in the web browser in various formats.

Analysis date:

12/27/2024 7:36:48 AM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

Riskware.Agent

7.1.1

Avira AntiVirus

ADWARE/BrowseFox.Gen2

7.11.219.36

AVG

BrowseFox

2016.0.3142

Baidu Antivirus

Adware.Win32.BrowseFox

4.0.3.15411

Bkav FE

W32.HfsAdware

1.3.0.6379

Dr.Web

Trojan.Yontoo.1734

9.0.1.0101

ESET NOD32

Win32/BrowseFox.AE potentially unwanted application

9.7.0.302.0

Fortinet FortiGate

Riskware/BrowseFox

4/11/2015

F-Prot

W32/S-f64f6ec1

v6.4.7.1.166

herdProtect (fuzzy)

variant of wildwestbho.dll (Adware)

2015.7.14.9

IKARUS anti.virus

PUA.BrowseFox

t3scan.1.8.9.0

K7 AntiVirus

Trojan

13.202.15408

Malwarebytes

PUP.Optional.WildWest.A

v2015.04.11.08

McAfee

Artemis!3EF9508F3295

5600.6798

NANO AntiVirus

Trojan.Win32.Yontoo.dnkubo

0.30.8.659

Qihoo 360 Security

HEUR/QVM30.1.Malware.Gen

1.0.0.1015

Reason Heuristics

Threat.Yontoo.WildWest

15.4.14.13

Rising Antivirus

PE:Adware.BrowseFox!6.1D8B

23.00.65.15409

Sophos

Generic PUA HH

4.98

Trend Micro House Call

TROJ_GEN.R047C0OCM15

7.2.101

Trend Micro

TROJ_GEN.R047C0OCM15

10.465.11

Vba32 AntiVirus

AdWare.MSIL.Agent

3.12.26.3

VIPRE Antivirus

Yontoo

38840

File size:

262.7 KB (269,040 bytes)

Product version:

1.0.0.7

File type:

Dynamic link library (Win32 DLL)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\microsoft\windows\inetcache\content.ie5\p1fll2ag\wildwest.dll

Digital Signature

Signed by:

Wild West

Authority:

VeriSign, Inc.

Valid from:

1/10/2015 7:00:00 PM

Valid to:

1/11/2016 6:59:59 PM

Subject:

CN=Wild West, O=Wild West, L=San Diego, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

496B67C883386C82B7E6FF63CEFE1466

File PE Metadata

Compilation timestamp:

3/14/2015 10:25:55 PM

OS version:

6.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

3072:H2CYU/9J7yX8LVxQbqHVOhB+PVG63Qv+8e2mZKTPRUg/MsCUmcE9:H2CYUf+sLVW4VOy+vTmZY2o6

Entry address:

0xF515

Entry point:

55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, EA, 7E, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, B8, 21, 03, 10, E8, 4C, 02, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 0C, 77, 03, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, C4, 93, 02, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4... 
[+]

Entropy:

6.0704

Developed / compiled with:

Microsoft Visual C++

Code size:

159 KB (162,816 bytes)

Remove wildwest.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.