home

fcdbiosyxw.dll

Mathematical Applications

This is part of an adware program designed to inject advertising in the web browser (banners, text-links) as well as modify the normal behavior of the browser. Part of the Injekt brand of unwanted programs. The module fcdbiosyxw.dll by Mathematical Applications has been detected as adware by 14 anti-malware scanners.
Publisher:
Mathematical Applications  (signed and verified)

Version:
1.0.0.1

MD5:
33986185e0e874d4c7cba7f1b97f778d

SHA-1:
fb7f636ba84dc3fb44ac19029bbd0ef9dd5f8396

SHA-256:
2cd998d4d53f3b3dd8e3e73ae0bdfdccf5c51124c66cbcd927f1d2ef3bc06b71

Scanner detections:
14 / 68

Status:
Adware

Explanation:
Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads in the web browser as well as alters the browsers settings (home page, search, DNS, and security protocols).

Analysis date:
4/26/2024 3:43:50 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.PullUpdate.T
6766314

Agnitum Outpost
PUA.Agent
7.1.1

AVG
Adware Generic_r.YZ
2014.0.4257

Baidu Antivirus
Adware.MSIL.PullUpdate
4.0.3.1535

Bitdefender
Adware.PullUpdate.T
1.0.20.320

Emsisoft Anti-Malware
Adware.PullUpdate.T
9.0.0.4799

ESET NOD32
MSIL/Adware.PullUpdate.K.gen application
7.0.302.0

F-Secure
Adware.PullUpdate.T
5.13.68

G Data
Adware.PullUpdate
15.3.25

IKARUS anti.virus
AdWare.PullUpdate
t3scan.1.8.6.0

Kaspersky
not-a-virus:AdWare.Win64.Agent
15.0.0.543

MicroWorld eScan
Adware.PullUpdate.T
16.0.0.192

Reason Heuristics
PUP.Injekt
15.3.5.20

Zillya! Antivirus
Adware.Agent.Win64.49
2.0.0.2089

File size:
1.4 MB (1,456,912 bytes)

Product version:
1.0.0.1

Copyright:
Copyright (C) 2014

File type:
Dynamic link library (Win64 DLL)

Language:
English (United States)

Common path:
C:\ProgramData\application data\hunpbwe\dat\fcdbiosyxw.dll

Digital Signature
Signed by:
Mathematical Applications

Authority:
VeriSign, Inc.

Valid from:
10/26/2014 8:00:00 PM

Valid to:
10/27/2015 7:59:59 PM

Subject:
CN=Mathematical Applications, O=Mathematical Applications, L=St. James, S=St. James, C=BB

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
79F6406432970C77D2FA7772E5EB6BDC

File PE Metadata
Compilation timestamp:
1/22/2015 2:03:11 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:OIywEX9jSLVphMcgVNWzBwVE8AnyLoPQK+mjy6nbJnU7NXmCD+01JajhLHzR:tFEt+VphMcgVkB4fdWQKJjjbJU7BH+cg

Entry address:
0x2A18

Entry point:
48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, FF, 2B, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, A7, FE, FF, FF, CC, CC, CC, 48, 89, 4C, 24, 08, 48, 81, EC, 88, 00, 00, 00, 48, 8D, 0D, 55, C6, 00, 00, FF, 15, 87, 76, 00, 00, 48, 8B, 05, 40, C7, 00, 00, 48, 89, 44, 24, 58, 45, 33, C0, 48, 8D, 54, 24, 60, 48, 8B, 4C, 24, 58, E8, FB, 4B, 00, 00, 48, 89, 44, 24, 50, 48, 83, 7C, 24...
 
[+]

Entropy:
7.9671  (probably packed)

Code size:
34 KB (34,816 bytes)

Remove fcdbiosyxw.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.