YontooIEClient.dll

Yontoo Layers Runtime (Drop Down Deals)

Yontoo LLC

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The module YontooIEClient.dll by Yontoo has been detected as adware by 6 anti-malware scanners. It is installed within the context of Internet Explore as a BHO (Browser Helper Object) under the name ‘Yontoo Layer (Drop Down Deals)s’. This file is typically installed with the program Yontoo Layers Runtime (Drop Down Deals) 1.10.01 by Yontoo Technology, Inc. which is a potentially unwanted software program.
Publisher:
Yontoo LLC  (signed and verified)

Product:
Yontoo Layers Runtime (Drop Down Deals)

Version:
1.10.01

MD5:
a089271e23086b675bc19a96f40b9b12

SHA-1:
0fb676e2296531f25ab24491836381a2a6e45615

SHA-256:
a7b734b3b93612cea6e8af63dfc204edf2f9897bd049fec708c5f1f781b4e4c2

Scanner detections:
6 / 68

Status:
Adware

Explanation:
Belongs to the Sambreel/Yontoo progam that inserts various forms of advertising in the user's web browser, installed with minimal or no user consent.

Analysis date:
11/23/2024 3:37:52 AM UTC  (today)

Scan engine
Detection
Engine version

Baidu Antivirus
AdWare.Win32.Yontoo
4.0.3.141125

Comodo Security
Application.Win32.Yontoo.a
17545

Dr.Web
Adware.Siggen.24249
9.0.1.0329

ESET NOD32
Win32/Adware.Yontoo (variant)
8.9244

Reason Heuristics
PUP.BHO.Yontoo.O
14.11.25.23

VIPRE Antivirus
Yontoo
25042

File size:
191.8 KB (196,384 bytes)

Product version:
1.10.01

Copyright:
Copyright (c) 2011 Yontoo LLC. All rights reserved.

Original file name:
YontooIEClient.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\yontoo layers runtime (drop down deals)\yontooieclient.dll

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
5/9/2011 12:10:37 PM

Valid to:
5/9/2012 12:10:37 PM

Subject:
CN=Yontoo LLC, O=Yontoo LLC, L=Carlsbad, S=CA, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
07E1F9EBCCC1AC

File PE Metadata
Compilation timestamp:
10/21/2011 3:21:10 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:r3uj/w2iu1YRru38CogoQz3umwNnePDoqnRxLKU7gRljFfmybVU1:r3uY3RccQz3unNePDvKbq

Entry address:
0x12707

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, C5, 65, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, A3, D0, 8D, 02, 10, 5D, C3, 8B, FF, 55, 8B, EC, FF, 35, D0, 8D, 02, 10, FF, 15, 58, 01, 02, 10, 85, C0, 74, 0F, FF, 75, 08, FF, D0, 59, 85, C0, 74, 05, 33, C0, 40, 5D, C3, 33, C0, 5D, C3, 6A, 00, 68, 00, 10, 00, 00, 6A, 00, FF, 15, 50, 01, 02, 10, 33, C9, 85, C0, 0F, 95, C1, A3, D8, 8D, 02, 10, 8B, C1, C3, FF, 35, D8, 8D, 02, 10, FF, 15...
 
[+]

Entropy:
6.3366

Code size:
120 KB (122,880 bytes)

Internet Explorer BHO
Display name:
Yontoo Layer (Drop Down Deals)s

CLSID:
{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

CLSID name:
Yontoo Layers (Drop Down Deals)


The file YontooIEClient.dll has been discovered within the following program.

Yontoo is a web browser toolbar and extension that allows users to personalize their web experience when utilizing Internet Explorer, Mozilla Firefox, and Chrome.
www.dropdowndeals.com
88% remove it
 
Powered by Should I Remove It?

Remove YontooIEClient.dll - Powered by Reason Core Security