2rs3.dll

ADPeak Inc

Part of an ADPeak program that shows ads in the browser without providing information about the ad's origin. Ads are injected as banners or text links in random web pages. The module 2rs3.dll by ADPeak Inc has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is installed within the context of Internet Explorer as a BHO (Browser Helper Object) under the name '2rs3'. This file is typically installed with the program suprasavings by Opiniads, which is a potentially unwanted software program.
Publisher:
ADPeak Inc  (signed and verified)

MD5:
1d46ff880607a51644baad5dde0498b5

SHA-1:
277184da3c9ea2978f906c19295efb5c5b05312d

SHA-256:
b8279354688925804493edff219919587bf05b48a3fe0040db43d2a7de7e2a92

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
4/25/2024 7:04:40 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.BHO.ADPeak.E

Engine version:
14.8.7.23

File size:
89 KB (91,104 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\suprasavings\2rs3.dll

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
2/25/2014 4:00:00 PM

Valid to:
3/2/2015 4:00:00 AM

Subject:
CN=ADPeak Inc, O=ADPeak Inc, L=SARASOTA, S=Florida, C=US, PostalCode=34233, STREET=5760 Mead Ave, SERIALNUMBER=5016610, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.2.5.4.15=Private Organization

Issuer:
CN=DigiCert EV Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
06C60DAA1859106255274CBE617ADF86

Registration
CLSID:
{10AD2C61-0898-4348-8600-14A342F22AC3}

COM registered:
Yes

File PE Metadata
Compilation timestamp:
3/21/2014 9:57:29 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
1536:gc2lu94Lfni/qbIqwaksvnHB52xCeCrvt:YAeLfA855beCrV

Entry address:
0x2F46

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 43, 2F, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 50, 44, 01, 10, 89, 0D, 4C, 44, 01, 10, 89, 15, 48, 44, 01, 10, 89, 1D, 44, 44, 01, 10, 89, 35, 40, 44, 01, 10, 89, 3D, 3C, 44, 01, 10, 66, 8C, 15, 68, 44, 01, 10, 66, 8C, 0D, 5C, 44, 01, 10, 66, 8C, 1D, 38, 44, 01, 10, 66, 8C, 05, 34, 44, 01, 10, 66, 8C, 25, 30, 44, 01, 10, 66, 8C, 2D, 2C, 44, 01, 10, 9C, 8F, 05, 60, 44...
 

Entropy:
6.4573

Code size:
53.5 KB (54,784 bytes)

Internet Explorer BHO
CLSID:
{10AD2C61-0898-4348-8600-14A342F22AC3}

CLSID name:
2rs3


The file 2rs3.dll has been discovered within the following program.

suprasavings  by Opiniads
Injects advertising in the user's web browser and is included in download bundles from distributors such as Apps Installer SL. From the installer: "After installing SupraSavings, you may receive ads as you browse the web that are identified as SupraSavings advertisements.
84% remove it
 