» dnsbho.dll
Overview
Analysis
File Details
Programs (1)

dnsbho.dll

Bandoo Media, Inc.

The module dnsbho.dll by Bandoo Media has been detected as a potentially unwanted program by 5 anti-malware scanners. This file is typically installed with the program Windows iLivid Toolbar by Bandoo Media Inc which is a potentially unwanted software program.

File name:

dnsbho.dll

Publisher:

Bandoo Media, Inc. (signed and verified)

MD5:

6dc3ec7f25b353f1d23129dd42ce5a13

SHA-1:

8fc29b0d2a2502d5d43d9b652a1619cbfc6403b7

SHA-256:

1c23b3bde725e3c0f313718fb3e66c40692580bc7c2eb2b8e7a41e26bd810a78

Scanner detections:

5 / 68

Status:

Potentially unwanted

Analysis date:

4/19/2024 10:26:22 AM UTC (today)

Scan engine

Detection

Engine version

Baidu Antivirus

Adware.Win32.Toolbar

4.0.3.14929

Dr.Web

Adware.Bandoo.4

9.0.1.0272

ESET NOD32

Win32/Toolbar.SearchSuite (variant)

8.9516

Kaspersky

not-a-virus:WebToolbar.Win32.Agent

14.0.0.3177

Reason Heuristics

PUP.BandooToolbar.BandooMedia.G

14.4.18.19

File size:

256.9 KB (263,064 bytes)

File type:

Dynamic link library (Win32 DLL)

Language:

English (United States)

Common path:

C:\Program Files\windows ilivid toolbar\datamngr\dnsbho.dll

Digital Signature

Signed by:

Bandoo Media, Inc.

Authority:

Thawte, Inc.

Valid from:

2/24/2011 1:00:00 AM

Valid to:

2/24/2013 12:59:59 AM

Subject:

CN="Bandoo Media, Inc.", O="Bandoo Media, Inc.", L=Panama City, S=Panama, C=PA

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

2C1E0DFD5207FCBA6225F6AE61587068

Registration

CLSID:

{FEFD3AF5-A346-4451-AA23-A3AD54915515}

ProgID:

DnsBHO.BHO.1

COM registered:

Yes

File PE Metadata

Compilation timestamp:

8/9/2011 8:01:37 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

3072:T/V1pzhpnVlDcJo3ndOueI5JEnSje7s/kYk4cNunhcitW1R8AlIPbOSHXfl2O0nd:T/V1pzhpYJJueI5/jMYk4cNYVcF5S3k3

Entry address:

0x16C20

Entry point:

8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 81, 7B, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84... 
[+]

Code size:

181.5 KB (185,856 bytes)

The file dnsbho.dll has been discovered within the following program.

Windows iLivid Toolbar by Bandoo Media Inc

This toolbar is typiclaly bundled with the installation of the free iLivid software. Windows iLivid Toolbar by Bandoo for Intenet Explorer collects and stores information about your web browsing habits in order to suggest services or provide advertising via the toolbar.

www.ilivid.com

79% remove it

Remove dnsbho.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.