» dynamocombo.dll
Overview
Analysis
File Details
Behaviors (1)
Programs (2)
Downloads (5)

dynamocombo.dll

Dynamo Combo

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The module dynamocombo.dll by Dynamo Combo has been detected as adware by 23 anti-malware scanners. It is installed within the context of Internet Explore as a BHO (Browser Helper Object) under the name ‘Dynamo Combo 1.0.0.6’. This file is typically installed with the program Dynamo Combo by Yontoo Technology, Inc. which is a potentially unwanted software program. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.

File name:

dynamocombo.dll

Publisher:

Dynamo Combo (signed and verified)

Product:

Dynamo Combo

Version:

1.0.0.6

MD5:

3f59db73d7c9c6616550cd2084b909bd

SHA-1:

0c0b0df67cb1a0a561418c67e3cef4a1d5c285c2

SHA-256:

e7c5f2f1dbd0a7f0bf07eccccfad7e98a5f6c1b6130e9884bf3bc0167a13e54b

Scanner detections:

23 / 68

Status:

Adware

Explanation:

Injects advertising in the web browser in various formats.

Analysis date:

5/8/2024 5:12:55 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Adware.BrowseFox.AP

749

Agnitum Outpost

Riskware.Agent

7.1.1

AhnLab V3 Security

Adware/Win32.BrowseFox

2015.01.17

Avira AntiVirus

ADWARE/BrowseFox.Gen2

7.11.202.28

AVG

BrowseFox.F

2016.0.3227

Baidu Antivirus

Adware.Win32.BrowseFox

4.0.3.15117

Bitdefender

Adware.BrowseFox.AP

1.0.20.85

Clam AntiVirus

Win.Adware.Browsefox-172

0.98/21511

Comodo Security

Application.Win32.BrowseFox.JM

20736

Dr.Web

Trojan.BPlug.142

9.0.1.017

Emsisoft Anti-Malware

Adware.BrowseFox.AP

8.15.01.17.06

ESET NOD32

Win32/BrowseFox (variant)

9.11028

F-Prot

W32/S-7bed2e86

v6.4.7.1.166

F-Secure

Adware.BrowseFox.AP

11.2015-17-01_7

G Data

Adware.BrowseFox.AP

15.1.24

K7 AntiVirus

Trojan

13.191.14667

Malwarebytes

PUP.Optional.DynamoCombo.A

v2015.01.17.06

MicroWorld eScan

Adware.BrowseFox.AP

16.0.0.51

NANO AntiVirus

Trojan.Win32.BPlug.ddwtte

0.30.0.64448

nProtect

Adware.BrowseFox.AP

15.01.16.01

Reason Heuristics

PUP.BHO.Yontoo

15.1.17.6

Vba32 AntiVirus

AdWare.Kranet

3.12.26.3

Zillya! Antivirus

Backdoor.PePatch.Win32.58304

2.0.0.2037

File size:

244.7 KB (250,616 bytes)

Product version:

1.0.0.6

File type:

Dynamic link library (Win32 DLL)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\microsoft\windows\inetcache\content.ie5\mv7f4ifi\dynamocombo.dll

Digital Signature

Signed by:

Dynamo Combo

Authority:

VeriSign, Inc.

Valid from:

12/16/2014 7:00:00 PM

Valid to:

12/17/2015 6:59:59 PM

Subject:

CN=Dynamo Combo, O=Dynamo Combo, L=Santa Monica, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

14A953D6CFA5311EDEF6756B21556A7A

File PE Metadata

Compilation timestamp:

1/16/2015 4:45:52 PM

OS version:

6.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

3072:TnZoaLABKWh3vpAC0yBzA3CJSd15+kxIaIHN7vvhR:T3LABKU3v2CczxIt7vhR

Entry address:

0x12854

Entry point:

55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 41, 8D, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, 90, 30, 03, 10, E8, BD, 01, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 24, 78, 03, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, 1C, A5, 02, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4... 
[+]

Entropy:

6.3528

Developed / compiled with:

Microsoft Visual C++

Code size:

159 KB (162,816 bytes)

Internet Explorer BHO

Display name:

Dynamo Combo 1.0.0.6

CLSID:

{986c37a1-7b65-476f-80dc-54f80bd4b0d6}

The file dynamocombo.dll has been discovered within the following programs.

Buzzdock by Alactro LLC

This is a web browser extension that injects advertising. From the EULA: "Buzzdock is free to download and use. Buzzdock is supported by advertising, and users will see additional ads on websites where Buzzdock features operate.

www.buzzdock.com/faq-support

79% remove it

Dynamo Combo by Yontoo Technology, Inc.

This is an adware injector that displays ads/banners in the user's web browser.

dynamocombo.info/support

88% remove it

The file dynamocombo.dll has been seen being distributed by the following 5 URLs.

http://install-cdn.dynamocombo.info/bed?r=2015011710&bet=3

http://install-cdn.dynamocombo.info/bed?r=2015011720&bet=3

http://install-cdn.dynamocombo.info/bed?r=2015011715&bet=3

http://install-cdn.dynamocombo.info/bed?r=2015011705&bet=3

http://install-cdn.dynamocombo.info/bed?r=2015011700&bet=3

Remove dynamocombo.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.