common.dll

Movie Mode

GenTechnologies Apps, LLC

This is part of an adware program designed to inject advertising into the web browser (banners, text links), to modify the normal behavior of the browser, and to modify the system settings that control which applications run at startup. It is part of the Injekt brand of unwanted programs. The module common.dll by GenTechnologies Apps has been detected as adware by 1 of 68 anti-malware scanners, with very strong indications that the file is a potential threat. It is installed within the context of Internet Explorer as a BHO (Browser Helper Object) under the name 'Movie Mode'. Note that the file carries a valid code-signing certificate issued to the publisher itself (see Digital Signature below); a verified Authenticode signature therefore says nothing about whether the file is wanted, and the hashes and CLSID listed here are the reliable identifiers.
Publisher:
GenTechnologies Apps, LLC  (signed and verified)

Product:
Movie Mode

Version:
2.6.21

MD5:
147812f58fe8d6c00bfbef9b0c3d9024

SHA-1:
9f8f05c1f48c5d5f2ddc38141e336f140a0a8ea8

SHA-256:
c3896aa361c155cd1059e31facd7fc09223b119828a8c0509ea52b0de2a2c69b

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads into the web browser, and alters the browser's settings (home page, search, DNS, and security protocols).

Analysis date:
4/18/2024 10:36:35 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Injekt.GenTechnologiesApps (M)

Engine version:
16.1.15.11

File size:
383.1 KB (392,336 bytes)

Product version:
2.6.21

Copyright:
(c) GenTechnologies Apps, LLC

Original file name:
common.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\moviemode\ie\common.dll

Digital Signature
Authority:
COMODO CA Limited

Valid from:
5/30/2013 12:00:00 AM

Valid to:
5/30/2014 11:59:59 PM

Subject:
CN="GenTechnologies Apps, LLC", O="GenTechnologies Apps, LLC", STREET=640 Grand Avenue, STREET=Suite E, L=Carlsbad, S=California, PostalCode=92008, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
06D4A5EDA561071FC293924D6DFC6300

File PE Metadata
Compilation timestamp:
6/23/2013 4:24:44 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:5bZqTnmsWgFubjbCrgfIxiqlL9KGrlTXbwTdhE4zYPKzFreNZ:hZiunbCr4Ixi69KATXb6zDreNZ

Entry address:
0x15A2E

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 22, 5D, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, 83, EC, 18, 53, 8B, 5D, 0C, 56, 8B, 73, 08, 33, 35, A0, 9C, 04, 10, 57, 8B, 06, C6, 45, FF, 00, C7, 45, F4, 01, 00, 00, 00, 8D, 7B, 10, 83, F8, FE, 74, 0D, 8B, 4E, 04, 03, CF, 33, 0C, 38, E8, 1C, C2, FF, FF, 8B, 4E, 0C, 8B, 46, 08, 03, CF, 33, 0C, 38, E8, 0C, C2, FF, FF, 8B, 45, 08, F6, 40...

Entropy:
6.6503

Code size:
232.5 KB (238,080 bytes)

Internet Explorer BHO
Display name:
Movie Mode

CLSID:
{44ed99e2-16a6-4b89-80d6-5b21cf42e78b}
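The following script is an added example for checking a machine against this report; it is not part of the report and not code from the publisher. It looks up the BHO registration by the CLSID above, resolves the DLL the CLSID loads, hashes that file against the MD5/SHA-1/SHA-256 values listed in this report, and reads its Authenticode signer. The CLSID, the common path and the hashes are taken from the report; the registry locations are the standard Internet Explorer BHO keys, and the fallback path and output format are assumptions. Run it from an elevated PowerShell prompt.

```powershell
# Added example (not from the original report or the publisher): verify whether the
# 'Movie Mode' BHO described in the report is registered and whether the file on disk
# is the one the report hashed. Values marked (report) come from the report itself.

$Clsid = '{44ed99e2-16a6-4b89-80d6-5b21cf42e78b}'   # (report) BHO CLSID
$KnownHashes = @{                                      # (report) file hashes
    MD5    = '147812f58fe8d6c00bfbef9b0c3d9024'
    SHA1   = '9f8f05c1f48c5d5f2ddc38141e336f140a0a8ea8'
    SHA256 = 'c3896aa361c155cd1059e31facd7fc09223b119828a8c0509ea52b0de2a2c69b'
}
$ExpectedSigner = 'GenTechnologies Apps, LLC'          # (report) certificate subject CN
$FallbackPath   = 'C:\Program Files\moviemode\ie\common.dll'   # (report) common path

# Standard IE BHO registration keys; 32-bit IE on 64-bit Windows uses Wow6432Node.
$BhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
# The CLSID's InprocServer32 default value is the DLL IE will actually load.
$ClsidKeys = @(
    "HKLM:\SOFTWARE\Classes\CLSID\$Clsid\InprocServer32",
    "HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID\$Clsid\InprocServer32"
)

# 1. Is the BHO registered at all?
$registered = @($BhoKeys | Where-Object { Test-Path -LiteralPath (Join-Path $_ $Clsid) })
if ($registered.Count -eq 0) {
    Write-Host "BHO $Clsid is not registered under any Browser Helper Objects key."
} else {
    $registered | ForEach-Object { Write-Host "BHO registered at: $_\$Clsid" }
}

# 2. Which DLL does the CLSID resolve to? Fall back to the report's common path.
$dllPaths = @(foreach ($k in $ClsidKeys) {
    if (Test-Path -LiteralPath $k) { (Get-ItemProperty -LiteralPath $k).'(default)' }
})
if ($dllPaths.Count -eq 0) { $dllPaths = @($FallbackPath) }

# 3. Hash each candidate file and compare with the report; then read the signer.
foreach ($dll in ($dllPaths | Select-Object -Unique)) {
    if (-not (Test-Path -LiteralPath $dll)) {
        Write-Host "$dll : not present on disk"
        continue
    }
    Write-Host "File: $dll"
    foreach ($alg in 'MD5', 'SHA1', 'SHA256') {
        $h = (Get-FileHash -LiteralPath $dll -Algorithm $alg).Hash.ToLower()
        $verdict = if ($h -eq $KnownHashes[$alg]) { 'MATCHES report' } else { 'differs from report' }
        Write-Host ("  {0,-6} {1}  {2}" -f $alg, $h, $verdict)
    }
    $sig = Get-AuthenticodeSignature -FilePath $dll
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }
    Write-Host "  Signature status: $($sig.Status)"
    Write-Host "  Signer subject:   $subject"
    if ($sig.SignerCertificate) {
        # The report's certificate was valid 5/30/2013 - 5/30/2014; compare NotAfter to that.
        Write-Host "  Cert valid until: $($sig.SignerCertificate.NotAfter)"
    }
    if ($sig.Status -eq 'Valid' -and $subject -notlike "*$ExpectedSigner*") {
        Write-Host "  Validly signed, but by a different publisher than the report lists."
    }
}

# 4. Removal (not executed here): deleting the BHO registration stops IE loading the DLL.
#    Review the output above first, then run without -WhatIf from an elevated prompt:
foreach ($k in $registered) {
    Remove-Item -LiteralPath (Join-Path $k $Clsid) -Recurse -WhatIf
}
```

A hash match confirms the file is the exact sample the report analyzed; a mismatch with the same CLSID and display name means a different build, and the hashes above should not be relied on for that file. The signature check is included because the report shows the file as "signed and verified": a Valid status with the expected subject is consistent with the report, not evidence that the file is benign. The Remove-Item call is left with -WhatIf so the script only reports what it would delete; the DLL file itself and the product directory still have to be removed separately.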


Remove common.dll - Powered by Reason Core Security