» dhandler.dll
Overview
Analysis
File Details
Programs (5)

dhandler.dll

Skinkers Ltd

This file is installed with multiple programs including UPS Widget (remove only) and CNN Desktop Alerts (remove only).

File name:

dhandler.dll

Publisher:

Skinkers Ltd (signed and verified)

MD5:

23588944afaf4fc1fad2e672188626c9

SHA-1:

a897769377e0eb2812bb18b46c33aceaff5da561

SHA-256:

96bcd945a9b8aabcf5e7637b680098a26523c1e0bd19dd7444b748d8a7c44667

Scanner detections:

1 / 68

Status:

Clean (1 probable false positive detection)

Explanation:

This is mosty likely a false positive detection, the file is probably clean.

Analysis date:

4/25/2024 11:11:17 PM UTC (a few moments ago)

Scan engine

Detection

Engine version

NANO AntiVirus

Trojan.Win32.XPACK.dciyhz

0.28.2.61861

File size:

78.9 KB (80,816 bytes)

File type:

Dynamic link library (Win32 DLL)

Common path:

C:\Program Files\american airlines dealfinder\dhandler.dll

Digital Signature

Signed by:

Skinkers Ltd

Authority:

Thawte Consulting (Pty) Ltd.

Valid from:

4/9/2007 8:00:00 PM

Valid to:

4/9/2009 7:59:59 PM

Subject:

CN=Skinkers Ltd, OU=Secure Application Development, O=Skinkers Ltd, L=London, S=London, C=UK

Issuer:

CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:

150B5830ECF473ABF6BC89FE72A8553F

File PE Metadata

Compilation timestamp:

6/19/1992 6:22:17 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

1536:2p/PKCfsnIw8sQ7Ms9myDby6z99q/rNZ0G0uuFg7zQNLjAnRy:o3nf17T9myJuhZ0gSLMnA

Entry address:

0x2C001

Entry point:

60, E8, 03, 00, 00, 00, E9, EB, 04, 5D, 45, 55, C3, E8, 01, 00, 00, 00, EB, 5D, BB, ED, FF, FF, FF, 03, DD, 81, EB, 00, C0, 02, 00, 83, BD, 22, 04, 00, 00, 00, 89, 9D, 22, 04, 00, 00, 0F, 85, 65, 03, 00, 00, 8D, 85, 2E, 04, 00, 00, 50, FF, 95, 4D, 0F, 00, 00, 89, 85, 26, 04, 00, 00, 8B, F8, 8D, 5D, 5E, 53, 50, FF, 95, 49, 0F, 00, 00, 89, 85, 4D, 05, 00, 00, 8D, 5D, 6B, 53, 57, FF, 95, 49, 0F, 00, 00, 89, 85, 51, 05, 00, 00, 8D, 45, 77, FF, E0, 56, 69, 72, 74, 75, 61, 6C, 41, 6C, 6C, 6F, 63, 00, 56, 69, 72... 
[+]

Entropy:

7.6430

Packer / compiler:

ASPack v2.12

Code size:

130 KB (133,120 bytes)

The file dhandler.dll has been discovered within the following programs.

American Airlines DealFinder (remove only) by Skinkers Ltd

The software is provided to you by Skinkers ltd. ("Skinkers") and not by American Airlines. From the aa.

www.skinkers.com

43% remove it

CNN Desktop Alerts (remove only) by Skinkers Ltd

About 5% of users remove it

London Stock Exchange Desktop Alerts (remove only) by Skinkers Ltd

About 3% of users remove it

Pocket Pudsey (remove only) by Skinkers Ltd

About 4% of users remove it

UPS Widget (remove only) by Skinkers Ltd

About 9% of users remove it

Scan dhandler.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.