» drspeedypc.dll
Overview
Analysis
File Details
Behaviors (1)
Downloads (1)

drspeedypc.dll

Ikan Media Inc

It is installed within the context of Internet Explore as a BHO (Browser Helper Object) under the name ‘drspeedypc’. The file has been seen being downloaded from files.ghostmonetization.net.

File name:

drspeedypc.dll

Publisher:

drspeedypc (signed by Ikan Media Inc)

Product:

drspeedypc

Version:

1.0.0.13

MD5:

bd26504fb48a03d89a369e3ee860dc64

SHA-1:

a9dfb3bf2bb149baaa0aa9b04e60d9861b0cce44

SHA-256:

1fb215879013230c39224cd896f9d9b0bfe6910b52dcbf3729e255c987b6fa57

Scanner detections:

1 / 68

Status:

Clean (1 probable false positive detection)

Explanation:

This is mosty likely a false positive detection, the file is probably clean.

Analysis date:

4/25/2024 12:25:36 AM UTC (today)

Scan engine

Detection

Engine version

VIPRE Antivirus

Shopperz

45892

File size:

2 MB (2,096,168 bytes)

Product version:

1.0.0.1

Original file name:

drspeedypc.dll

File type:

Dynamic link library (Win32 DLL)

Language:

English (United States)

Common path:

C:\Program Files\drspeedypc\secure\drspeedypc.dll

Digital Signature

Signed by:

Ikan Media Inc

Authority:

DigiCert Inc

Valid from:

4/22/2015 8:00:00 PM

Valid to:

4/12/2018 8:00:00 AM

Subject:

CN=Ikan Media Inc, O=Ikan Media Inc, L=Spring Hill, S=FL, C=US, PostalCode=34609, STREET=14194 Presteign Ln, SERIALNUMBER=264747629, OID.1.3.6.1.4.1.311.60.2.1.2=Florida, OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.2.5.4.15=Private Organization

Issuer:

CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:

0FEF8B3A3600D816D78DAE00A12B4266

File PE Metadata

Compilation timestamp:

12/16/2015 5:50:59 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

49152:xsuZvK+kBPLqxX5rWki1S3R58E2RksOHYLEgKoqTrL1+:5ZvK+cTqxX5mS3RmEEjOHYLEg

Entry address:

0x13D030

Entry point:

55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 3D, 03, 01, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, B0, 5C, 1C, 10, E8, 51, 04, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, B0, 68, 1D, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, D0, 07, 1A, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4... 
[+]

Entropy:

6.5597

Developed / compiled with:

Microsoft Visual C++

Code size:

1.4 MB (1,495,040 bytes)

Internet Explorer BHO

Display name:

drspeedypc

CLSID:

{768919B3-C6AD-47D4-94E9-A4A2FBA8A83D}

The file drspeedypc.dll has been seen being distributed by the following URL.

http://files.ghostmonetization.net/uploads/.../drspeedypc_015.dll

Scan drspeedypc.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.