IEBHO.dll

IEHelper Module

Discordia Limited

The module IEBHO.dll by Discordia Limited has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is installed within the context of Internet Explorer as a BHO (Browser Helper Object) under the name ‘UrlHelper Class’.
Publisher:
Discordia, LTD  (signed by Discordia Limited)

Product:
IEHelper Module

Description:
IEHelper

Version:
1.0.0.0

MD5:
43d41daba3b5dd39f8012bba88e6e1c8

SHA-1:
cde4f1fda23e5d12bea5ccb11f1678219904b2fc

SHA-256:
73ed6b99adfc585fc10138e96a0b5930077296fc478617a20bbd412e9b7a6d2f

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
4/24/2024 3:02:11 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Discordia (M)

Engine version:
16.2.8.13

File size:
382.9 KB (392,128 bytes)

Product version:
1.0.0.1

Copyright:
Copyright (c) 2005 - 2010

Original file name:
IEBHO.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\shareaza applications\mediabar\datamngr\iebho.dll

Digital Signature
Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
6/8/2009 6:00:00 PM

Valid to:
7/12/2010 5:59:59 PM

Subject:
CN=Discordia Limited, OU=SECURE APPLICATION DEVELOPMENT, O=Discordia Limited, L=Limassol, S=Limassol, C=CY

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
084485A7885299D4519D7BABD19D2EE0

File PE Metadata
Compilation timestamp:
5/27/2010 8:11:12 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:JcJNIZdvo29mFGb8mIC45N5KKJTt3F74mxAtaPbaYQ+Us5faoHE:JcJNIZdvo2jYnC45N5ft3F7hxEajaH+M

Entry address:
0x2ED2B

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, B9, 7D, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, 8B, FF, 55, 8B, EC, 83, EC, 14, A1, 14, 69, 05, 10, 33, C5, 89, 45, FC, 53, 56, 33, DB, 57, 8B, F1, 39, 1D, 34, 81, 05, 10, 75, 38, 53, 53, 33, FF, 47, 57, 68, 08, B5, 04, 10, 68, 00, 01, 00, 00, 53, FF, 15, A8, 81, 04, 10, 85, C0, 74, 08, 89, 3D, 34, 81, 05, 10, EB, 15, FF, 15, 34, 80, 04, 10, 83, F8, 78, 75, 0A, C7, 05, 34, 81, 05, 10, 02, 00, 00, 00, 39, 5D, 14, 7E...
 

Entropy:
6.5548

Code size:
283 KB (289,792 bytes)

Internet Explorer BHO
CLSID:
{CFC4F59B-A2DA-4e12-B337-52A4F871E10C}

CLSID name:
UrlHelper Class

