from Understanding Java Code and Malware | Malwarebytes Unpacked
A recently discovered adware called Window Range Manager aka Winrange uses Chrome components to display 3D advertisements.
Found in the installed folder C:\Program Files (x86)\winrange were the files libEGL.dll and libGLESv2.dll that belong to the SwiftShader components that Google uses to let you see advanced 3D graphics as well as the Widevine CDM components that Chrome needs the to play protected audio and video content using HTML5 media elements.
It also deploys pepflashplayer.dll in the folder C:\Program Files (x86)\winrange\plugins which is a Adobe Flash Player library.
How can I tell if I’m affected?
The installer creates a misdated (one year old) entry in your list of “Programs and Features”.
It will be listed as Window Range Manager by Plamsoft Inc.
Low impact
Given that the program depends on MSVCP120.dll I’m pretty sure it will not run on the majority of machines unless you installed the Visual C++ Redistributable Packages for Visual Studio 2013 for another reason previously. If you did not, winrange.exe will error out silently.
Detection and protection
The installer is detected as PUP.Optional.WindowRangeManager and users of Malwarebytes Anti-Malware Premium are protected against it.
Most of the installed files and the registry changes are detected and removed as PUP.Optional.WinRange
File details
The installer was downloaded from rangesoft[dot]org which is blocked by our Malicious Website Protection.
Md5 install.exe : ee6716f2f294641fda7de06a211a2d7d
The contacts made by the installer also hail rangesoft[dot]org
Full install logs and a removal guide can be found on our forums.
Summary
If this were a software review we’d say the adware has potential, but needs some work. It uses libraries able to deliver high quality content, but fails to do so on most systems. But whether it works for you or not, we recommend removing it if you find it on your computer.
As always, be careful what you download and from where.
Pieter Arntz