home

b.dll

The module b.dll has been detected as a potentially unwanted program by 42 anti-malware scanners. It is installed within the context of Internet Explore as a BHO (Browser Helper Object) under the name ‘BitSAAver’. The library is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider.
MD5:
509f09daa2df6ceda552285c4dfce83a

SHA-1:
615da85502d44881292034bfb41c9a3b4892aa15

SHA-256:
348d1a195a27531e86d3b9ae3e2577e6683ff3396048f8d154c5e8bd2e2804fe

Scanner detections:
42 / 68

Status:
Potentially unwanted

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
5/10/2024 3:58:33 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Win32.Ramnit.N
835

AegisLab AV Signature
AdWare.W32.MegaSearch
2.1.4+

Agnitum Outpost
Win32.Nimnul.Gen.2
7.1.1

AhnLab V3 Security
Win32/Ramnit.G
14.10.22

Avira AntiVirus
W32/Ramnit.C
7.11.142.34

avast!
Win32:MultiPlug-CQ [PUP]
141003-0

AVG
Adware Generic_r.GU
2014.0.4040

Baidu Antivirus
Virus.Win32.Nimnul.$a
4.0.3.141022

Bitdefender
Win32.Ramnit.N
1.0.20.1475

Bkav FE
W32.InjectAdwaredDwnA1.PE
1.3.0.4959

Clam AntiVirus
W32.Ramnit-1
0.98/18355

Comodo Security
Virus.Win32.Ramnit.K
18072

Dr.Web
Trojan.Crossrider.2200
9.0.1.0295

Emsisoft Anti-Malware
Win32.Ramnit.N
8.14.10.22.04

ESET NOD32
Win32/AdWare.MultiPlug.N application
7.0.302.0

Fortinet FortiGate
W32/Ramnit.C
10/22/2014

F-Prot
W32/Ramnit.E
v6.4.7.1.166

F-Secure
Win32.Ramnit.N
11.2014-22-10_4

G Data
Win32.Ramnit
14.10.24

IKARUS anti.virus
AdWare.MegaSearch
t3scan.1.6.1.0

K7 AntiVirus
Virus
13.176.11696

Kaspersky
Virus.Win32.Nimnul
14.0.0.3061

Malwarebytes
PUP.Optional.MultiPlug.A
v2014.10.22.04

McAfee
W32/Ramnit.a
5600.6969

Microsoft Security Essentials
Virus:Win32/Ramnit.J
1.10401

MicroWorld eScan
Win32.Ramnit.N
15.0.0.885

NANO AntiVirus
Virus.Win32.Nimnul.bqjjnb
0.28.0.59048

Norman
Ramnit.AS
11.20141022

nProtect
Virus/W32.SpyEye
14.04.08.01

Panda Antivirus
W32/Cosmu.E
14.10.22.04

Qihoo 360 Security
Virus.Win32.Ramnit.A
1.0.0.1015

Quick Heal
W32.Ramnit.A
10.14.12.00

Reason Heuristics
Threat.Win.Reputation.IMP
14.10.22.16

Rising Antivirus
PE:Win32.Mgr.b!1594784
23.00.65.141020

Sophos
W32/Ramnit-A
4.98

SUPERAntiSpyware
Adware.Multiplug/Variant
10284

Total Defense
Win32/Ramnit.C
37.0.10866

Trend Micro House Call
PE_RAMNIT.DEN
7.2.295

Trend Micro
PE_RAMNIT.DEN
10.465.22

Vba32 AntiVirus
Virus.Win32.Nimnul.b
3.12.26.0

VIPRE Antivirus
Virus.Win32.Ramnit.b
28148

ViRobot
Win32.Nimnul.A
2011.4.7.4223

File size:
415 KB (424,960 bytes)

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\ProgramData\bitsaaver\b.dll

File PE Metadata
Compilation timestamp:
1/27/2014 5:01:04 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:eRFiWBHu0TKfV5WRWucmqzNfsDv1SRlizGoItpw6KzKnqN+kE0:e3iWBFKfVfHi1SRlIAfw69qN+kE0

Entry address:
0x33BE1

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 71, 52, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, 18, 2D, 05, 10, E8, 70, 0D, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 8C, AF, 05, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, E4, B3, 04, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
262 KB (268,288 bytes)

Internet Explorer BHO
Display name:
BitSAAver

CLSID:
{748C7E17-3214-2BD4-C2D9-E46133A38889}


Remove b.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.