» 0kbkio5g8yjlll.dll
Overview
Analysis
File Details
Programs (2)

0kbkio5g8yjlll.dll

The module 0kbkio5g8yjlll.dll has been detected as a potentially unwanted program by 12 anti-malware scanners. Additionally, the file is typically installed by a number of programs including DiscountLocator by InstalleRex-WebPick and ApptoU by InstalleRex-WebPick , both potentially unwanted software.

File name:

0kbkio5g8yjlll.dll

MD5:

7e61fef6948fc1aa1cb31d42b274cefb

SHA-1:

bff9450ed225c31548426c98ebcf6055ba7a2bb9

SHA-256:

05166d95acb90a6b9a539ef9aa864b86affc1099249dd1fda6e19ff88496ced9

Scanner detections:

12 / 68

Status:

Potentially unwanted

Analysis date:

4/18/2024 6:52:51 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Adware.Graftor.153998

776

AhnLab V3 Security

PUP/Win32.Generic

2014.12.22

Avira AntiVirus

ADWARE/MultiPlug.Gen

7.11.197.16

Bitdefender

Gen:Variant.Adware.Graftor.153998

1.0.20.1775

Comodo Security

Application.Win32.MultiPlug.BNJ

20432

Emsisoft Anti-Malware

Gen:Variant.Adware.Graftor.153998

8.14.12.21.08

ESET NOD32

Win32/AdWare.MultiPlug.BN (variant)

8.10910

F-Secure

Gen:Variant.Adware.Graftor.153998

11.2014-21-12_1

G Data

Gen:Variant.Adware.Graftor.153998

14.12.24

MicroWorld eScan

Gen:Variant.Adware.Graftor.153998

15.0.0.1065

Panda Antivirus

Trj/Genetic.gen

14.12.21.08

Reason Heuristics

Threat.Win.Reputation.IMP

14.12.21.8

File size:

500.5 KB (512,512 bytes)

File type:

Dynamic link library (Win32 DLL)

Language:

English (United States)

Common path:

C:\Program Files\buuyynsaive\0kbkio5g8yjlll.dll

Registration

CLSID:

{2e3f9f26-3f71-4c65-bca6-1124a96275ad}

ProgID:

BuyNsave.9

COM registered:

Yes

File PE Metadata

Compilation timestamp:

11/10/2014 1:12:24 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

12288:uAtCLQnNttPc6+0GaMHsBYDAEVdf7HZxdD/7cwQX3MeSS:uAlc0Gw29776X3M3

Entry address:

0x46951

Entry point:

55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 02, 50, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, F8, 36, 06, 10, E8, 50, 0B, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 78, FC, 06, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, A8, A3, 05, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4... 
[+]

Developed / compiled with:

Microsoft Visual C++

Code size:

327 KB (334,848 bytes)

The file 0kbkio5g8yjlll.dll has been discovered within the following programs.

ApptoU by InstalleRex-WebPick

AppToU is an adware program that will display extra advertisements when users are using search engines such as Bing and Google. In Chrome, it installs itself as an extension and in Internet Explorer it runs as a process as well as a Browser Helper Object.

83% remove it

DiscountLocator by InstalleRex-WebPick

DiscountLocator is an adware program that will display extra advertisements when users are using search engines such as Bing and Google. In Chrome, it installs itself as an extension and in Internet Explorer it runs as a process as well as a Browser Helper Object.

79% remove it

Remove 0kbkio5g8yjlll.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.