» common.dll
Overview
Analysis
File Details
Behaviors (1)

common.dll

Safe Monitor

Western Web Applications, LLC

This is part of an adware program designed to inject advertising in the web browser (banners, text-links) as well as modify the normal behavior of the browser. Part of the Injekt brand of unwanted programs. The module common.dll by Western Web Applications has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is installed within the context of Internet Explore as a BHO (Browser Helper Object) under the name ‘Safe Monitor’.

File name:

common.dll

Publisher:

Western Web Applications, LLC (signed and verified)

Product:

Safe Monitor

Version:

2.6.24

MD5:

95879d10276263998ee40a06e70621fa

SHA-1:

c7b6fb6c8e8230cb01f3ff66a12ebb2218d57fe2

SHA-256:

abb0534c81faa85f046fab5d3d0ea9b978e229ca1cec67ce3694c21b1ed04ae3

Scanner detections:

1 / 68

Status:

Adware

Explanation:

Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads in the web browser as well as alters the browsers settings (home page, search, DNS, and security protocols).

Analysis date:

4/27/2024 1:24:42 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Injekt.WesternWebApplications (M)

15.12.29.23

File size:

383.1 KB (392,344 bytes)

Product version:

2.6.24

Original file name:

common.dll

File type:

Dynamic link library (Win32 DLL)

Language:

English (United States)

Common path:

C:\Program Files\safemonitor\ie\common.dll

Digital Signature

Signed by:

Western Web Applications, LLC

Authority:

COMODO CA Limited

Valid from:

5/23/2013 8:00:00 PM

Valid to:

5/24/2014 7:59:59 PM

Subject:

CN="Western Web Applications, LLC", O="Western Web Applications, LLC", STREET=640 E Grand Ave, STREET=Suite 129, L=Carlsbad, S=CA, PostalCode=92008, C=US

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

2A1B337726D509D16C17362E2E625DE9

File PE Metadata

Compilation timestamp:

7/12/2013 5:15:45 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

6144:V7+6DHfkWo9k0bbLC8gf4RBCtrFq2rO2XTX4gZt4zYPKzFweNn:F+jk0vLC844RBaFqH2XTkzDweNn

Entry address:

0x15A2E

Entry point:

8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 22, 5D, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, 83, EC, 18, 53, 8B, 5D, 0C, 56, 8B, 73, 08, 33, 35, A0, 9C, 04, 10, 57, 8B, 06, C6, 45, FF, 00, C7, 45, F4, 01, 00, 00, 00, 8D, 7B, 10, 83, F8, FE, 74, 0D, 8B, 4E, 04, 03, CF, 33, 0C, 38, E8, 1C, C2, FF, FF, 8B, 4E, 0C, 8B, 46, 08, 03, CF, 33, 0C, 38, E8, 0C, C2, FF, FF, 8B, 45, 08, F6, 40... 
[+]

Entropy:

6.6495

Code size:

232.5 KB (238,080 bytes)

Internet Explorer BHO

Display name:

Safe Monitor

CLSID:

{44ed99e2-16a6-4b89-80d6-5b21cf42e78b}

Remove common.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.