escort.dll

Funmoods

Volonet Ltd

The module escort.dll by Volonet has been detected as adware by 6 anti-malware scanners. It is installed within the context of Internet Explorer as a BHO (Browser Helper Object) under the name ‘Funmoods Helper Object’.
Publisher:
Funmoods BHO  (signed by Volonet Ltd)

Product:
Funmoods

Version:
1.8.11.0

MD5:
de5a39f90e1a8e6e8e476f50af083f01

SHA-1:
1a102587e8f17a19c3f1cda18fb8a8a80c524b37

SHA-256:
860db5df793652d35c3dbcd247b5765bbecfff184cf1a7755cac36e82c2e65b9

Scanner detections:
6 / 68

Status:
Adware

Analysis date:
8/8/2014 1:13:32 AM UTC  (25 days ago)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Boost by Reason | Optional.BHO.Volonet.G | 188838 |
| Dr.Web | Adware.Funmoods.1 | 9.0.1.010 |
| Malwarebytes | PUP.Funmoods | v2014.01.10.10 |
| Reason Heuristics | PUP.BHO.Volonet.G | 14.8.7.21 |
| Sophos | Funmoods Toolbar | 4.90 |
| Trend Micro House Call | TROJ_GEN.F47V0308 | 7.2.10 |

File size:
243.5 KB (249,296 bytes)

Product version:
1.8.11.0

Copyright:
(c) Funmoods.com. All rights reserved.

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\funmoods\1.8.11.0\bh\escort.dll

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
1/11/2012 12:00:00 AM

Valid to:
11/25/2013 11:59:59 PM

Subject:
CN=Volonet Ltd, O=Volonet Ltd, STREET=hazfira 19, L=Tel Aviv, S=Israel, PostalCode=67778, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00D9EB879A7F4ADB713BB56F5D9EA449DA

File PE Metadata
Compilation timestamp:
1/31/2013 5:33:56 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:N2GwNUITJicI7DwvH7ojM+dyLsRvMDIjk3E:TwNUiicI7DwvHeyLsRvMDIf

Entry address:
0x17681

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 7B, 76, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 55, 8B, EC, 57, 56, 8B, 75, 0C, 8B, 4D, 10, 8B, 7D, 08, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, A0, 01, 00, 00, 81, F9, 80, 00, 00, 00, 72, 1C, 83, 3D, 40, 9C, 03, 10, 00, 74, 13, 57, 56, 83, E7, 0F, 83, E6, 0F, 3B, FE, 5E, 5F, 75, 05, E9, 92, 78, 00, 00, F7, C7, 03, 00, 00, 00, 75, 14, C1, E9, 02, 83, E2...
 

Code size:
161 KB (164,864 bytes)

Internet Explorer BHO
Display name:
Funmoods Helper Object

CLSID:
{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}


There are 2 known versions of escort.dll by Funmoods BHO.

4 / 68      (Adware)
escort.dll  1.8.4.0  (084feabe31e1e089cbf95fd7f608f16470ca5960)

6 / 68      (Adware)
escort.dll  1.5.23.0  (abb6b390c517049f8e1c78ab3f0a43c4fd0c60df)

6 / 68      (Adware)
escortapp.dll  (242828f8dd0288145bb9eb8c38f2a9a2ef0ea135)

6 / 68      (Adware)
escorteng.dll  (f9e5e0ed68c9f4b781eaa1de18f6469470ec0be3)

9 / 68      (Adware)
funmoods.dll  (cc22b0aa6f4b5367865b75f3c0afa788c7f97d8e)

7 / 68      (Adware)
funmoodstlbr.dll  (a1be7d513d40b1a0af1aa1fd73c2c2b6173ac700)

6 / 68      (Adware)
escortlbr.dll  (879fcb98518eecb5a1c01402aa00e52ec5fd9c6f)

5 / 68      (Adware)
fm4ffx.exe  (3dad9bf5011fb73b9be2fe6c601bb6281a3ceaf6)

12 / 68    (Adware)
funmoods.exe  (62cb124f2994432e70b52dc3775f6c091a976926)

5 / 68      (Adware)
funmoodssrv.exe  (741b8a19f9a16abc57a8b86a167bb3fdd8d4f6b4)

4 / 68      (Adware)
uninstall.exe  (d1b58aeb35137e47c7aee58efd43b32cb459663d)

7 / 68      (Adware)
funmoodsapp.dll  (0088967a4ed52f491976136c95d43e0e1b06cc31)

6 / 68      (Adware)
funmoodseng.dll  (74f62a9acdb9f9dd0580d69450c062ba8870deea)

8 / 68      (Adware)
setup.exe  (e584634b5565fd81d7258fca86c632c9d3e1cd14)

Detection Incidence by Country