blindbatbho.dll

blindbat

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The module blindbatbho.dll by blindbat has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program blindbat by Yontoo Technology, Inc. which is a potentially unwanted software program.
Publisher:
blindbat  (signed and verified)

Product:
blindbat

Version:
1.0.0.1

MD5:
9dd61a1421810ff05dd8ec0d39f17511

SHA-1:
8ca44dc5fd440eac2e7f28186da51aee6b12eacc

SHA-256:
a1e02dccc34bb43cc1a5e8ba2a59d3f7eb2a8fe8f98ec0e9d2e3044dc314824b

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Belongs to the Sambreel/Yontoo program that inserts various forms of advertising in the user's web browser, installed with minimal or no user consent.

Analysis date:
4/16/2024 8:16:35 PM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.Yontoo (M)

Engine version:
16.11.12.11

File size:
243.8 KB (249,624 bytes)

Product version:
1.0.0.1

Copyright:
(c) blindbat. All rights reserved.

Original file name:
blindbatIEClient.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\blindbat\blindbatbho.dll

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
11/26/2013 4:00:00 PM

Valid to:
11/27/2014 3:59:59 PM

Subject:
CN=blindbat, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=blindbat, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0B7F97173CD91AC680AED809CA9B3B59

File PE Metadata
Compilation timestamp:
1/7/2014 9:30:25 AM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:bbg/u6hwzes/ioWORilDYfhOYMBa/5A+nrIaIvlYJnLGgvMW:bbg1CqpOvrMsAUIt0LjvMW

Entry address:
0x12844

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 41, 8D, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, 70, 2D, 03, 10, E8, BD, 01, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 04, 68, 03, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, CC, A1, 02, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...
 

Entropy:
6.3692

Developed / compiled with:
Microsoft Visual C++

Code size:
159 KB (162,816 bytes)

The file blindbatbho.dll has been discovered within the following program.

blindbat by Yontoo Technology, Inc.
This adware program injects advertisements with its affiliate ad providers in order to serve a number of ad types including banner, inline text links and popups.
blindbat.info/support
80% remove it
 
Powered by Should I Remove It?
