dialbtyahoo.exe

BT Yahoo! Internet Connection Manager

British Telecommunications Plc

It is set to execute automatically when any user logs into Windows, through the local user Run registry setting, under the name ‘BTopenworld’.

Publisher:
British Telecommunications Plc  (signed and verified)

Product:
BT Yahoo! Internet Connection Manager

Description:
BT Yahoo! Internet Connection Manager (ICM)

Version:
1, 8, 0, 4

MD5:
0e41077cff5582b228d0146db6251b0d

SHA-1:
6f893f8af43e83a44651d9eeb4055e06b17a82d1

SHA-256:
fff5ce153f229f7b3dccc13770259b6d93be00d24d709a01f72b4c0284fa90ac

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/25/2024 12:12:02 PM UTC

File size:
325.7 KB (333,472 bytes)

Product version:
1, 8, 0, 4

Copyright:
© British Telecommunications plc 2005

Trademarks:
BT, BT Yahoo! Internet are registered trademarks of British Telecommunications plc

Original file name:
DialISP MFC.exe

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Common path:
C:\Program Files\bt yahoo! internet\dialbtyahoo.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
10/12/2006 1:00:00 AM

Valid to:
12/9/2007 11:59:59 PM

Subject:
CN=British Telecommunications Plc, OU=BT Advanced Communcations Engineering, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=British Telecommunications Plc, L=Ipswich, S=Suffolk, C=GB

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
4B5727A0DF3BA21BCFE26DE77484EB5A

File PE Metadata
Compilation timestamp:
4/10/2007 9:09:27 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:6ayvJAKsAHkOY3XPKtNEWYD/5/c0CgkWQ9hScupHxXmvrdNtlo2lOGvJOUbxqYrO:6jJAKs2kdK/JYD/5E0CtBIpHKfFDt1mj

Entry address:
0x1B3A0

Entry point:
55, 8B, EC, 6A, FF, 68, D0, 8E, 43, 00, 68, 80, D7, 41, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, 10, 62, 43, 00, 33, D2, 8A, D4, 89, 15, 5C, 99, 44, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, 58, 99, 44, 00, C1, E1, 08, 03, CA, 89, 0D, 54, 99, 44, 00, C1, E8, 10, A3, 50, 99, 44, 00, 6A, 01, E8, 22, 32, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, C3, 00, 00, 00, 59, E8, 5C, 1B, 00, 00, 85, C0, 75, 08, 6A, 10, E8, B2, 00, 00, 00, 59, 33, F6, 89, 75...

Entropy:
6.0748

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
212 KB (217,088 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
BTopenworld

Command:
"C:\Program Files\bt yahoo! internet\dialbtyahoo.exe" \reinstallautodial
