custom.dll

TopApp soft

The module custom.dll, “Custom DLL for TopApp so” has been detected as a potentially unwanted program by 22 anti-malware scanners. According to AVG, this software downloads additional adware offers during setup.

Publisher: TopApp soft
Product: TopApp soft
Description: Custom DLL for TopApp so
Version: 2014.5.
MD5: 007b5fc4d6da8d120170be285d7e0bdc
SHA-1: f32589aef4f6b3c3384df75218943f13feb0a845
SHA-256: a8e8807a9edcbb67dc1af5b6ef07fa151d153b7eaa78939be8874529939f1647
Scanner detections: 22 / 68
Status: Potentially unwanted
Explanation: Uses the InstalleRex from WebPick Internet Holdings to install bundled add-ons including toolbars and other web browser extensions.
Analysis date: 4/25/2024 7:37:14 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Application.Kazy.365295 | 983 |
| Agnitum Outpost | PUA.Downloader | 7.1.1 |
| avast! | Win32:Installer-AQ [PUP] | 2014.9-140528 |
| AVG | Downloader.Generic13 | 2015.0.3461 |
| Bitdefender | Gen:Variant.Application.Kazy.365295 | 1.0.20.740 |
| Dr.Web | Adware.Downware.2108 | 9.0.1.0148 |
| ESET NOD32 | Win32/InstalleRex | 8.9851 |
| F-Prot | W32/TixLoader.A2.gen | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Application.Kazy | 11.2014-28-05_4 |
| G Data | Gen:Variant.Application.Kazy.365295 | 14.5.24 |
| Kaspersky | Trojan.Win32.AntiFW | 14.0.0.3798 |
| MicroWorld eScan | Gen:Variant.Application.Kazy.365295 | 15.0.0.444 |
| NANO AntiVirus | Riskware.Win32.InfoLeak.cvgqot | 0.28.0.59921 |
| nProtect | Trojan/W32.AntiFW.93696 | 14.05.26.01 |
| Panda Antivirus | Trj/AntiAV.O | 14.05.28.08 |
| Quick Heal | Trojan.AntiFW.A5 | 5.14.14.00 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 14.5.28.8 |
| Sophos | InstallRex | 4.98 |
| Trend Micro House Call | TROJ_ADLOAD_DD300426.UVPA | 7.2.148 |
| Trend Micro | TROJ_ADLOAD_DD300426.UVPA | 10.465.28 |
| Vba32 AntiVirus | Downloader.AdLoad | 3.12.26.0 |
| Zillya! Antivirus | Trojan.AntiFW.Win32.48 | 2.0.0.1801 |

File size: 91.5 KB (93,696 bytes)
Product version: 1.0.0.3
Copyright: Copyright © 2014 T
Original file name: TixDll.dll
File type: Dynamic link library (Win32 DLL)
Language: Hebrew (Israel)
Common path: C:\users\{user}\appdata\local\temp\{random}.tmp\custom.dll

File PE Metadata

Compilation timestamp: 12/19/2013 6:35:15 PM
OS version: 5.1
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 10.0
CTPH (ssdeep): 1536:K7xcx/juCKV+hVboYrEhySESy9GNGU6u1Go6eOYM++vvnccDU:K7qxa8NoYr6w5S8o6epM++v/ccY
Entry address: 0xD73C
Entry point: FF, 74, 24, 04, 8B, 44, 24, 0C, E8, 4A, FF, FF, FF, C2, 0C, 00, 55, 8B, EC, 51, 83, 7D, 0C, 02, 7D, 08, 6A, 57, 58, E9, C0, 00, 00, 00, 53, 56, 8B, 75, 10, 57, FF, 76, 04, FF, 15, 64, 01, 01, 10, 8D, 44, 00, 20, 50, E8, FF, 08, 00, 00, FF, 76, 04, 8B, F8, 68, 50, 22, 01, 10, 57, FF, 15, 3C, 02, 01, 10, 83, C4, 0C, 6A, FF, 57, 6A, 00, E8, F8, 09, 00, 00, 57, 8B, D8, E8, EF, 08, 00, 00, FF, 36, FF, 15, 14, 01, 01, 10, 89, 45, FC, 85, C0, 75, 0B, FF, 15, B4, 00, 01, 10, 89, 45, 0C, EB, 5B, 53, 50, FF, 15, 74...
Code size: 59 KB (60,416 bytes)
