extension32.dll

Fedorov Paul

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed without consent. The module extension32.dll by Fedorov Paul has been detected as adware by 2 anti-malware scanners. It is installed within the context of Internet Explorer as a BHO (Browser Helper Object) under the name ‘Gigabase’.
Publisher:
Fedorov Paul  (signed and verified)

Version:
1.0

MD5:
4ca36f60f08a217c4314e61ddc076b2f

SHA-1:
b0b18c011c7a587f55de62ce038404cd1d872754

SHA-256:
a11a2f6c50f128599fa336b426f10426e3c3694a2de94b5027ee33a186b9b710

Scanner detections:
2 / 68

Status:
Adware

Analysis date:
4/26/2024 9:47:54 PM UTC

Scan engine          Detection                      Engine version
Dr.Web               Adware.BGuard.31               9.0.1.0241
Reason Heuristics    PUP.Webpick.FedorovPaul (M)    15.8.29.18

File size:
361.6 KB (370,304 bytes)

Product version:
1.0

Original file name:
Extension.dll

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\gigabase\basement\extension32.dll

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
8/28/2012 5:00:00 AM

Valid to:
8/29/2013 4:59:59 AM

Subject:
CN=Fedorov Paul, OU=Individual Developer, O=No Organization Affiliation, L=Saint-Petersburg, S=Saint-Petersburg, C=RU

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
702D4055EE5CC734192DCBDFFE7AE8E1

File PE Metadata
Compilation timestamp:
6/5/2013 11:58:39 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:T9HJcuIJ5LfvzibmealEeovhk+BpSwBpIhAPZjJ2fNnO:T9HJcbJ5aK3EJk+BpSwBpIhAPZjJO4

Entry address:
0x2E8A5

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 2A, 6E, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, 6A, 0C, 68, 90, BB, 04, 10, E8, 54, 04, 00, 00, 33, F6, 89, 75, E4, 33, C0, 8B, 5D, 08, 3B, DE, 0F, 95, C0, 3B, C6, 75, 1C, E8, 83, 20, 00, 00, C7, 00, 16, 00, 00, 00, 56, 56, 56, 56, 56, E8, 0B, 20, 00, 00, 83, C4, 14, 33, C0, EB, 7B, 33, C0, 8B, 7D, 0C, 3B, FE, 0F, 95, C0, 3B, C6, 74, D6, 33, C0, 66, 39, 37, 0F, 95, C0, 3B, C6, 74, CA, E8, 2F, 73, 00, 00, 89, 45, 08...

Entropy:
6.4186

Code size:
257.5 KB (263,680 bytes)

Internet Explorer BHO
Display name:
Gigabase

CLSID:
{21A07E17-5809-484C-80D8-938064663D47}

