hbsvnudk.dll

Rational Thought Solutions

This is part of an adware program designed to inject advertising (banners, text links) into the web browser and to modify the browser's normal behavior. It belongs to the Injekt brand of unwanted programs. The module hbsvnudk.dll by Rational Thought Solutions has been detected as adware by 19 anti-malware scanners. According to AVG, this software downloads additional adware offers during setup.
Publisher:
Rational Thought Solutions  (signed and verified)

Version:
1.0.0.1

MD5:
bf82a1f974efe6222cc25f93cfa117ac

SHA-1:
b78d03aca1e94bb5ed689d3850c03a20bffeb9e9

SHA-256:
13768ff6364fc3b29239256cefd9e5a1d1e2e4bf19ec871c6d11560a048c2531

Scanner detections:
19 / 68

Status:
Adware

Explanation:
Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads into the web browser and alters the browser's settings (home page, search, DNS, and security protocols).

Analysis date:
4/26/2024 3:03:36 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Adware.PullUpdate.T | 6766314 |
| Agnitum Outpost | PUA.PullUpdate | 7.1.1 |
| AVG | Potentially harmful program Downloader.DIQ | 2014.0.4257 |
| Baidu Antivirus | Adware.MSIL.PullUpdate | 4.0.3.1536 |
| Bitdefender | Adware.PullUpdate.T | 1.0.20.325 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Dr.Web | Adware.Yontoo.55 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Adware.PullUpdate.T | 9.0.0.4799 |
| ESET NOD32 | MSIL/Adware.PullUpdate.K.gen application | 7.0.302.0 |
| F-Secure | Adware.PullUpdate.T | 5.13.68 |
| G Data | Adware.PullUpdate | 15.3.25 |
| IKARUS anti.virus | PUA.Downloader | t3scan.1.8.6.0 |
| Kaspersky | not-a-virus:AdWare.MSIL.Agent | 15.0.0.543 |
| Malwarebytes | PUP.Optional.ZombieInvasion.A | v2015.03.06.01 |
| MicroWorld eScan | Adware.PullUpdate.T | 16.0.0.195 |
| NANO AntiVirus | Riskware.Win32.SaMon.dniyss | 0.30.0.296 |
| Panda Antivirus | Generic Suspicious | 15.03.06.01 |
| Reason Heuristics | PUP.Injekt | 15.3.6.1 |
| Vba32 AntiVirus | AdWare.Agent | 3.12.26.3 |

File size:
1.2 MB (1,241,072 bytes)

Product version:
1.0.0.1

Copyright:
Copyright (C) 2014

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\ProgramData\aflyhhes\dat\hbsvnudk.dll

Digital Signature
Authority:
Symantec Corporation

Valid from:
1/24/2015 5:30:00 AM

Valid to:
4/25/2016 5:29:59 AM

Subject:
CN=Rational Thought Solutions, O=Rational Thought Solutions, L=St. James, S=St. James, C=BB

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
00B81C1C4DB6AD87B9B581116F115E4C

File PE Metadata
Compilation timestamp:
3/5/2015 12:54:46 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:z2lNGsNCh7TfS4faFBXxIoVobzpxNOkt5H+S2zZTF4EavbOP7e9ir5vIuB:zKNGgChnHfaPqoVonHXJ2BiHb5ir5dB

Entry address:
0x2670

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 59, 26, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 30, BD, 00, 10, 89, 0D, 2C, BD, 00, 10, 89, 15, 28, BD, 00, 10, 89, 1D, 24, BD, 00, 10, 89, 35, 20, BD, 00, 10, 89, 3D, 1C, BD, 00, 10, 66, 8C, 15, 48, BD, 00, 10, 66, 8C, 0D, 3C, BD, 00, 10, 66, 8C, 1D, 18, BD, 00, 10, 66, 8C, 05, 14, BD, 00, 10, 66, 8C, 25, 10, BD, 00, 10, 66, 8C, 2D, 0C, BD, 00, 10, 9C, 8F, 05, 40, BD...
 

Entropy:
7.9765  (probably packed)

Code size:
28 KB (28,672 bytes)
