common.dll

Websteroids

Creative Island Media, LLC

This is part of an adware program designed to inject advertising into the web browser (banners, text links) and to modify the browser's normal behavior. It belongs to the Injekt brand of unwanted programs. The module common.dll by Creative Island Media has been detected as adware by 22 anti-malware scanners. It is installed within the context of Internet Explorer as a BHO (Browser Helper Object) under the name ‘Websteroids’.
Publisher:
Creative Island Media, LLC  (signed and verified)

Product:
Websteroids

Version:
2.6.49

MD5:
eb4ae245cf7e6e609aa73c71dd02811e

SHA-1:
917cc94184463c512e93605fd7dc42b1e9a0b70f

SHA-256:
0c7e76a4121d9251d0092f78f3518ddc6e9f62252511ec6400f9339f77baf041

Scanner detections:
22 / 68

Status:
Adware

Explanation:
Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads in the web browser and alters the browser's settings (home page, search, DNS, and security protocols).

Analysis date:
4/19/2024 11:09:47 AM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Adware.Agent.NUR | 618 |
| avast! | Win32:BHO-AMO [PUP] | 2014.9-150527 |
| AVG | Generic | 2016.0.3096 |
| Bitdefender | Adware.Agent.NUR | 1.0.20.735 |
| Bkav FE | W32.Clod3d5.Trojan | 1.3.0.4959 |
| Dr.Web | Adware.Plugin.128 | 9.0.1.0147 |
| Emsisoft Anti-Malware | Adware.Agent.NUR | 8.15.05.27.11 |
| ESET NOD32 | Win32/ExFriendAlert (variant) | 9.10492 |
| Fortinet FortiGate | Riskware/ExFriendAlert | 5/27/2015 |
| F-Secure | Adware.Agent.NUR | 11.2015-27-05_4 |
| G Data | Adware.Agent.NUR | 15.5.24 |
| IKARUS anti.virus | AdWare.Agent | t3scan.1.7.8.0 |
| Malwarebytes | PUP.Optional.CreativeIslandMedia | v2015.05.27.11 |
| McAfee | Artemis!EB4AE245CF7E | 5600.6752 |
| MicroWorld eScan | Adware.Agent.NUR | 16.0.0.441 |
| NANO AntiVirus | Trojan.Win32.Plugin.ctuood | 0.28.2.62440 |
| nProtect | Adware.Agent.NUR | 14.10.01.01 |
| Reason Heuristics | PUP.Injekt.CreativeIslandMedia | 15.5.27.19 |
| Sophos | Search Donkey | 4.98 |
| VIPRE Antivirus | Injekt | 33570 |
| Zillya! Antivirus | Backdoor.PePatch.Win32.39673 | 2.0.0.1939 |

File size:
399.9 KB (409,464 bytes)

Product version:
2.6.49

Copyright:
(c) Creative Island Media, LLC

Original file name:
common.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\ProgramData\websteroids\ie\common.dll

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
5/21/2013 1:00:00 AM

Valid to:
5/22/2014 12:59:59 AM

Subject:
CN="Creative Island Media, LLC", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Creative Island Media, LLC", L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
68F23F4D2767F6491DEA9186F2E5CB89

File PE Metadata
Compilation timestamp:
11/20/2013 3:45:16 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:Cwv0n4PCCWLGrloWs1qSnes/xkmNQc0PXfZxzspSGqBUWVoM3qit7:iUrXs1nn//9NUPXh1jait7

Entry address:
0x15A0C

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 14, 5D, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, CC, 8B, FF, 55, 8B, EC, 83, EC, 18, 53, 8B, 5D, 0C, 56, 8B, 73, 08, 33, 35, A0, 9C, 04, 10, 57, 8B, 06, C6, 45, FF, 00, C7, 45, F4, 01, 00, 00, 00, 8D, 7B, 10, 83, F8, FE, 74, 0D, 8B, 4E, 04, 03, CF, 33, 0C, 38, E8, EE, C1, FF, FF, 8B, 4E, 0C, 8B, 46, 08, 03, CF, 33, 0C, 38, E8, DE, C1, FF, FF, 8B, 45, 08, F6, 40, 04, 66, 0F, 85, 19, 01, 00, 00, 8B, 4D, 10, 8D, 55, E8...
 

Entropy:
6.4210

Code size:
232.5 KB (238,080 bytes)

Internet Explorer BHO
Display name:
Websteroids

CLSID:
{44ed99e2-16a6-4b89-80d6-5b21cf42e78b}

