gcodecband.dll

HANcommunication

The module gcodecband.dll by HANcommunication has been detected as adware by 2 anti-malware scanners. It is installed within the context of Internet Explorer as a BHO (Browser Helper Object) under the name ‘gcodecband’.
Publisher:
한커뮤니케이션  (signed by HANcommunication)

Product:
gcodecband.dll

Version:
2013.11.28.9

MD5:
bd827e72b46711ab16af01c9edfcc4a3

SHA-1:
b0aff42bc7e19a85e519e6b0ab38d8372af45d48

SHA-256:
1ba7ba8209c3a3e131bda1c3b158d98ec4ecadc808f567a4f8c94841d6ddca29

Scanner detections:
2 / 68

Status:
Adware

Analysis date:
5/7/2024 6:53:41 AM UTC

Scan engine | Detection | Engine version
Reason Heuristics | PUP.BHO.HANcommunication.K | 14.11.30.23
Trend Micro House Call | TROJ_GEN.F47V0331 | 7.2.163

File size:
774 KB (792,600 bytes)

Product version:
2013.11.28.9

Copyright:
Copyright (C) 한커뮤니케이션 All Rights Reserved.

Original file name:
gcodecband.dll

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\users\{user}\appdata\roaming\gcodec\gcodecband.dll

Digital Signature
Authority:
Thawte, Inc.

Valid from:
5/12/2013 9:00:00 AM

Valid to:
6/12/2015 8:59:59 AM

Subject:
CN=HANcommunication, O=HANcommunication, L=seoul, S=Guro-gu, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
3962DEF517F7534C2829A48F9A9454D4

File PE Metadata
Compilation timestamp:
11/28/2013 3:51:16 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:yAYNTVHdCjVd2clzuoZYevn9gyxxxxxxxxxxxNAxY/xxxxxxxxxxxxxevx:SNTCjHhuoZYe1avx

Entry address:
0x63622

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, EA, C1, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, 6A, 10, 68, 90, FE, 08, 10, E8, CF, 0D, 00, 00, 8B, 5D, 08, 85, DB, 75, 0E, FF, 75, 0C, E8, 22, F6, FF, FF, 59, E9, CC, 01, 00, 00, 8B, 75, 0C, 85, F6, 75, 0C, 53, E8, 18, E3, FF, FF, 59, E9, B7, 01, 00, 00, 83, 3D, BC, 61, 0A, 10, 03, 0F, 85, 93, 01, 00, 00, 33, FF, 89, 7D, E4, 83, FE, E0, 0F, 87, 8A, 01, 00, 00, 6A, 04, E8, 42, 65, 00, 00, 59, 89, 7D, FC, 53, E8, 6B...
 
Entropy:
6.7265

Code size:
501 KB (513,024 bytes)

Internet Explorer BHO
CLSID:
{D51B53A3-FFAD-4F50-98AC-E30085EBD987}

CLSID name:
gcodecband

