gdoiftw.dll

Ratio Applications

This module is part of an adware program that injects advertising (banners, text links) into the web browser, modifies the browser's normal behavior, and changes the system settings that control which applications run at startup. It belongs to the Injekt family of unwanted programs. The module gdoiftw.dll by Ratio Applications has been detected as adware by 10 anti-malware scanners.
Publisher:
Ratio Applications  (signed and verified)

Version:
1.0.0.1

MD5:
f49d6b2d466d4d7ee34349ddcd6b9695

SHA-1:
27466c46fd0e0dd289ea3158484924774c195100

SHA-256:
916461382f003b6b338bf8ca192e4398877ef1767ff4fe51399feea5a847fdac

Scanner detections:
10 / 68

Status:
Adware

Explanation:
Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads into the web browser, and alters the browser's settings (home page, search provider, DNS, and security protocols).

Analysis date:
4/25/2024 12:10:18 AM UTC

Scan engine              Detection                  Engine version
Lavasoft Ad-Aware        Adware.PullUpdate.E        797
AVG                      Acute                      2015.0.3275
Bitdefender              Adware.PullUpdate.E        1.0.20.1670
Emsisoft Anti-Malware    Adware.PullUpdate          8.14.11.30.12
F-Secure                 Adware.PullUpdate.E        11.2014-30-11_1
G Data                   Adware.PullUpdate          14.11.24
MicroWorld eScan         Adware.PullUpdate.E        15.0.0.1002
nProtect                 Adware.PullUpdate.E        14.10.24.01
Reason Heuristics        PUP.RatioApplications.H    14.10.25.21
VIPRE Antivirus          Injekt                     34232

File size:
1.4 MB (1,456,992 bytes)

Product version:
1.0.0.1

Copyright:
Copyright (C) 2014

File type:
Dynamic link library (Win64 DLL)

Language:
English (United States)

Common path:
C:\ProgramData\application data\tdxyekecg\dat\gdoiftw.dll

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
4/1/2014 11:00:00 AM

Valid to:
4/2/2015 10:59:59 AM

Subject:
CN=Ratio Applications, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Ratio Applications, L=St. James, S=St. James, C=BB

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
352ECA57D8FB6A999A86A031DD989803

File PE Metadata
Compilation timestamp:
10/24/2014 7:16:31 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:TIywIpbWUG2yTZLI7YtxtziHPKak3WfpOhh01nHykNu2371dlzaM66rrrhVUf:UFW3GrTZk7wxh1ThYnzNuUzacq

Entry address:
0x2A18

Entry point:
48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, FF, 2B, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, A7, FE, FF, FF, CC, CC, CC, 48, 89, 4C, 24, 08, 48, 81, EC, 88, 00, 00, 00, 48, 8D, 0D, 55, C6, 00, 00, FF, 15, 87, 76, 00, 00, 48, 8B, 05, 40, C7, 00, 00, 48, 89, 44, 24, 58, 45, 33, C0, 48, 8D, 54, 24, 60, 48, 8B, 4C, 24, 58, E8, FB, 4B, 00, 00, 48, 89, 44, 24, 50, 48, 83, 7C, 24...

Entropy:
7.9662  (probably packed)

Code size:
34 KB (34,816 bytes)
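The hashes and the entropy reading above are what a responder actually checks against a file found at the common path. The following script is an added example, not code from the original page or from any vendor: it recomputes MD5, SHA-1 and SHA-256 for a file and compares them with the indicators listed on this page, and computes Shannon entropy the same way a "probably packed" verdict is derived (values close to the 8.0 maximum indicate compressed or encrypted content). The 7.0 bits-per-byte threshold and the sample bytes embedded for offline runs are assumptions, not values from the page.

```python
"""Offline triage helper for a sample such as gdoiftw.dll.

Added example; not part of the original page or of any vendor's tooling.
Usage: python triage.py <path-to-file>   (with no argument, a constructed
stand-in buffer is analysed so the script runs offline).
"""
import hashlib
import math
import sys
from collections import Counter

# Indicators copied from the page for gdoiftw.dll (Ratio Applications).
PUBLISHED_HASHES = {
    "md5": "f49d6b2d466d4d7ee34349ddcd6b9695",
    "sha1": "27466c46fd0e0dd289ea3158484924774c195100",
    "sha256": "916461382f003b6b338bf8ca192e4398877ef1767ff4fe51399feea5a847fdac",
}

# Assumed threshold: 7.0+ bits/byte over a whole PE is a common heuristic
# for packed or encrypted content (the maximum possible is 8.0).
PACKED_ENTROPY_THRESHOLD = 7.0


def file_hashes(data: bytes) -> dict:
    """Return lowercase hex MD5/SHA-1/SHA-256 of data, keyed like PUBLISHED_HASHES."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for constant data, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    counts = Counter(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def matches_published(data: bytes, published: dict = PUBLISHED_HASHES) -> dict:
    """Compare each computed digest with the published indicator.

    Returns {"md5": bool, "sha1": bool, "sha256": bool}. Base a verdict on
    SHA-256; MD5 and SHA-1 are kept only because vendor pages still list
    them, and both are collision-prone, so a match on those alone is weak.
    """
    computed = file_hashes(data)
    return {alg: computed[alg] == published[alg].lower() for alg in published}


def triage(data: bytes) -> dict:
    """Full report: digests, indicator match flags, entropy and a packed heuristic."""
    ent = shannon_entropy(data)
    return {
        "hashes": file_hashes(data),
        "matches": matches_published(data),
        "entropy": round(ent, 4),
        "probably_packed": ent >= PACKED_ENTROPY_THRESHOLD,
    }


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
    else:
        # Constructed stand-in: an "MZ" header followed by a byte-uniform tail,
        # so entropy lands near 8.0, comparable to the page's 7.9662 reading.
        blob = b"MZ" + bytes(range(256)) * 64
    for key, value in triage(blob).items():
        print(f"{key}: {value}")
```

A SHA-256 match against the published value identifies this exact build; a mismatch with the same signer and version means a different file and should be submitted for its own analysis rather than assumed clean. A high entropy reading on its own is not proof of packing (a DLL that embeds compressed resources also scores high), so treat it as a prompt to inspect sections and imports, not as a verdict.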
