PodoWeb - 35% Detection Rate *

Did you just find a download or a file on your computer that is digitally signed by PodoWeb? Some security products refer to the detected files as Adware.SwiftBrowse.CV and AdWare.SwiftBrowse. The detection rate for the PodoWeb files collected here is 35%. Please read on for more details.

You will probably notice PodoWeb when running the file. The publisher name is displayed as the "Verified publisher" in the UAC dialog as the screenshot shows:

Screenshot where PodoWeb appears as the verified publisher in the UAC dialog

You can also view the PodoWeb certificate with the following procedure:

  1. Open up Windows Explorer and locate the PodoWeb file
  2. Right-click the file and select Properties
  3. Click the Digital Signatures tab
  4. Click the View Certificate button

Here is a screencap of a file signed by PodoWeb:

Screenshot of the PodoWeb certificate

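As you can see in the screenshot above, Windows reports that "This digital signature is OK". This means that the file was published by PodoWeb and has not been tampered with since it was signed. A valid signature only confirms who published the file and that it is intact; it does not mean the file is wanted, which is why signed PodoWeb files still appear in the detection lists below.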

If you click the View Certificate button shown in the screenshot above, you can see all the details of the certificate, such as when it was issued, who issued the certificate, how long it is valid, etc. You can also view the address for PodoWeb, such as the street name, city and country.

DigiCert Assured ID Code Signing CA-1 and VeriSign Class 3 Code Signing 2010 CA have issued the PodoWeb certificates. You can also examine the details of the issuer by clicking the View Certificate button shown in the screenshot above.

PodoWeb Files

These are the PodoWeb files I've gathered, thanks to the FreeFixer users.

| Detection Ratio | File Name |
|---|---|
| 10/54 | {00c97d86-accb-4288-9972-6d929c1fe93a}Gw64.sys |
| 26/54 | maintainer.exe |
| 7/55 | {00c97d86-accb-4288-9972-6d929c1fe93a}gw64.sys |
| 11/55 | {00c97d86-accb-4288-9972-6d929c1fe93a}gw64.sys |
| 10/55 | {00c97d86-accb-4288-9972-6d929c1fe93a}w.sys |
| 19/54 | PodoWebbho.dll |
| 11/55 | {00c97d86-accb-4288-9972-6d929c1fe93a}gw64.sys |
| 8/54 | {00c97d86-accb-4288-9972-6d929c1fe93a}gw64.sys |
| 25/56 | {6b9234ab-d79f-41db-86f9-8be7a3e9ee74}gw64.sys |
| 35/56 | maintainer.exe |
| 35/56 | maintainer.exe |
| 3/55 | {98e700ee-1d13-4cd6-97a6-d8d4d2f0a35b}gw64.sys |

Scanner and Detection Names

Here are the detection names for the PodoWeb files, grouped by scanner engine. Thanks to VirusTotal for the scan results.

| Scanner | Detection Names |
|---|---|
| ALYac | Adware.SwiftBrowse.CH, Adware.SwiftBrowse.CV |
| AVG | Generic.33B, Generic.4CA, BrowseFox.F, Generic6.DAP, AdPlugin.CWT |
| AVware | Trojan.Win32.Generic!BT, Yontoo, Yontoo (fs) |
| Ad-Aware | Gen:Variant.Adware.SwiftBrowse.1, Adware.SwiftBrowse.CH, Adware.SwiftBrowse.CV |
| Agnitum | PUA.Yotoon!, Trojan.BPlug!, Riskware.Agent! |
| AhnLab-V3 | Trojan/Win64.SwiftBrowse, Adware/Win32.SwiftBrowse, Adware/Win32.BHO, Win-PUP/BrowseFox.Gen, PUP/Win32.BrowseFox |
| Antiy-AVL | GrayWare[AdWare:not-a-virus]/Win32.Kranet, GrayWare[NetTool:not-a-virus]/Win64.NetFilter.a, GrayWare[AdWare:not-a-virus]/Win32.Yotoon.bfm, GrayWare[AdWare:not-a-virus]/Win64.Agent |
| Avast | Win32:Adware-BYZ [PUP], MSIL:BrowseFox-AJ [PUP] |
| Avira | ADWARE/BrowseFox.Gen7, ADWARE/BrowseFox.Gen2 |
| Baidu-International | Adware.Win32.BrowseFox.BV, Adware.Win32.BrowseFox.BO, Adware.Win64.BrowseFox.bAQ, Adware.Win32.BrowseFox.V |
| BitDefender | Gen:Variant.Adware.SwiftBrowse.1, Adware.SwiftBrowse.CH, Adware.SwiftBrowse.CV |
| Bkav | W32.HfsAdware.9A29 |
| CAT-QuickHeal | AdWare.Yotoon.A5, PUA.Podoweb1.Gen |
| ClamAV | Win.Adware.Agent-22685, Win.Adware.Swiftbrowse-497, Win.Adware.Agent-41785 |
| Comodo | Application.Win32.BrowseFox.JM, Application.Win32.BrowseFox.B |
| Cyren | W32/S-ad054542!Eldorado |
| DrWeb | Trojan.BPlug.123, Trojan.BPlug.281, Trojan.BPlug.144, Tool.NetFilter.313, Trojan.BPlug.437, Trojan.Yontoo.1734 |
| ESET-NOD32 | Win32/BrowseFox.V, a variant of Win32/BrowseFox.O, a variant of Win64/BrowseFox.AQ, a variant of Win32/BrowseFox.V potentially unwanted |
| Emsisoft | Gen:Variant.Adware.SwiftBrowse.1 (B), Adware.SwiftBrowse.CH (B), Adware.SwiftBrowse.CV (B) |
| F-Prot | W64/A-59c9c70a!Eldorado, W32/A-de841313!Eldorado, W32/S-ad054542!Eldorado |
| F-Secure | Gen:Variant.Adware.SwiftBrowse.1, Adware.SwiftBrowse.CH, Adware.SwiftBrowse.CV |
| Fortinet | Riskware/BrowseFox |
| GData | Gen:Variant.Adware.SwiftBrowse.1, Adware.SwiftBrowse.CH, Adware.SwiftBrowse.CV |
| Ikarus | AdWare.SwiftBrowse, not-a-virus:AdWare.Kranet, PUA.BrowseFox |
| Jiangmin | AdWare/Yotoon.m, AdWare/Yotoon.l, AdWare/Yotoon.aq, AdWare/Yotoon.ap, AdWare/SwiftBrowse.ssl |
| K7AntiVirus | Adware ( 0040f9f21 ), Trojan ( 004af26b1 ), Adware ( 004b92811 ) |
| K7GW | Adware ( 004b92811 ) |
| Kaspersky | not-a-virus:AdWare.Win32.Yotoon.bfm |
| Malwarebytes | PUP.Optional.PodoWeb.A, PUP.Optional.SwiftBrowse, PUP.Optional.BrowseFox |
| McAfee | Artemis!965CA3FDA2D9, RDN/Generic.grp!hm, Artemis!E95839B0DB94, Artemis!ADB0FC8DCC1E, BrowseFox-FTR, BrowseFox-FXS |
| McAfee-GW-Edition | Artemis, Artemis!A288B792D14F, BrowseFox-FTR, BrowseFox-FXS |
| MicroWorld-eScan | Gen:Variant.Adware.SwiftBrowse.1, Adware.SwiftBrowse.CH, Adware.SwiftBrowse.CV |
| NANO-Antivirus | Riskware.Win32.Kranet.dgiwfc, Trojan.Win32.BPlug.dfogbn, Trojan.Win32.Yontoo.dpmcsm |
| Panda | Trj/CI.A |
| Qihoo-360 | Win32/Virus.Adware.708, HEUR/QVM30.1.Malware.Gen, HEUR/QVM10.1.Malware.Gen |
| SUPERAntiSpyware | Adware.SwiftBrowse |
| Sophos | Generic PUA PK, Generic PUA KI, Browse Fox |
| Symantec | Yontoo.C, WS.Reputation.1, Yontoo |
| Tencent | Win32.Trojan.Falsesign.Hssi, Win32.Trojan.Falsesign.Akou, Win32.Trojan.Falsesign.Syrp, Win32.Trojan.Falsesign.Edxr, Win32.Trojan.Falsesign.Htct, Win32.Trojan.Falsesign.Hqvl, Win32.Trojan.Falsesign.Pgmp |
| TrendMicro | HS_BROWSEFOX.SM |
| TrendMicro-HouseCall | Suspicious_GEN.F47V0819, Suspicious_GEN.F47V1029, HS_BROWSEFOX.SM |
| VBA32 | AdWare.Kranet, AdWare.Win64.Yotoon, AdWare.Yotoon, AdWare.SwiftBrowse |
| VIPRE | Trojan.Win32.Generic!BT, Yontoo, Yontoo (fs) |
| Zillya | Adware.Yotoon.Win64.3, Adware.Kranet.Win32.476, Adware.Yotoon.Win64.7, Adware.Yotoon.Win64.14, Adware.Agent.Win32.52012 |
| nProtect | Adware.SwiftBrowse.CH, Trojan-Clicker/W32.Yotoon.123632, Adware.SwiftBrowse.CV |

* How the Detection Percentage is Calculated

The detection percentage is based on the 714 scan reports I've collected for the PodoWeb files. 250 of these scan results came up with some sort of detection. You can review the full details of the scan reports by examining the files listed above.

Analysis Details

The analysis is based on certificates with the following serial numbers:

Comments

Henry Gilbert writes

0 thumbs

I liked your review of PodoWeb’s detection rate and how its files are classified by various security products. It’s concerning to see a 35% detection rate for these files, which may indicate potential risks for users. As we become more dependent on digital platforms, it's essential to stay aware of such threats. I was looking for more ideas on cybersecurity and related topics for my college studies, and was recommended to look https://www.linkedin.com/feed/update/urn:li:activity:7215309899088474113 for additional resources. Staying informed is crucial in today’s tech-driven world.






# 3 Oct 2024, 8:24
