» backup-20130508-132411-477.dll
Overview
Analysis
File Details
Programs (1)

backup-20130508-132411-477.dll

Auto Lyrics

Ilan Bio 2009 Ltd

The module backup-20130508-132411-477.dll by Ilan Bio 2009 has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program Auto Lyrics by Mansoft Union which is a potentially unwanted software program.

File name:

backup-20130508-132411-477.dll

Publisher:

Mansoft Union (signed by Ilan Bio 2009 Ltd)

Product:

Auto Lyrics

Version:

111

MD5:

8d43b3f59015aeba2a4b39b844bbdaef

SHA-1:

f93ac48208ba127edb9faa4905488cc0ba36af97

SHA-256:

feb03cde1c2715de33f533586d2b98c123a0ff3e65f0d2cee383ab3c5eae628f

Scanner detections:

1 / 68

Status:

Adware

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

4/25/2024 1:37:59 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.IlanBio2 (M)

16.5.31.7

File size:

131.5 KB (134,704 bytes)

Product version:

111

Original file name:

autolrcs.dll

File type:

Dynamic link library (Win32 DLL)

Common path:

C:\users\{user}\downloads\backups\backup-20130508-132411-477.dll

Digital Signature

Signed by:

Ilan Bio 2009 Ltd

Authority:

COMODO CA Limited

Valid from:

2/12/2013 10:00:00 AM

Valid to:

2/13/2014 9:59:59 AM

Subject:

CN=Ilan Bio 2009 Ltd, O=Ilan Bio 2009 Ltd, STREET=P.B 65, L=Moshav Givaat Hen, S=Israel, PostalCode=43905, C=IL

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

26A6370982A0E4D04FE7C8746B0BF071

File PE Metadata

Compilation timestamp:

4/22/2013 3:07:56 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

3072:TIcnPp4qO2gAmmn63a2kI2DYu6nY0jBkJ3:8s46Tmmnia2kIiu96

Entry address:

0x9CB7

Entry point:

8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, AC, 56, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, CC, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, 83, EC, 18, 53, 8B, 5D, 0C, 56, 8B, 73, 08, 33, 35, 60, C7, 01, 10, 57, 8B, 06, C6, 45, FF, 00, C7, 45, F4, 01, 00, 00, 00, 8D, 7B, 10, 83, F8, FE, 74, 0D, 8B, 4E, 04, 03, CF, 33, 0C, 38, E8, F5, DC, FF, FF, 8B, 4E, 0C, 8B, 46, 08, 03, CF, 33, 0C, 38, E8, E5, DC, FF, FF, 8B, 45, 08, F6, 40, 04, 66, 0F, 85, 19, 01, 00, 00, 8B... 
[+]

Entropy:

6.4844

Code size:

84 KB (86,016 bytes)

The file backup-20130508-132411-477.dll has been discovered within the following program.

Auto Lyrics by Mansoft Union

Auto Lyrics is a web browser extension and Browser helper Object (for Internet Explorer) that delivers contextual based advertising to the web browser. In addition it will modify the user's browser home and search pages as well as 'New Tab' pages to push advertising and search.

66% remove it

Remove backup-20130508-132411-477.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.