iebho.dll

Bandoo Media, Inc.

The module iebho.dll by Bandoo Media has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. This file is typically installed with the program Windows Savevid Toolbar by Bandoo Media Inc, which is a potentially unwanted software program. It is also typically executed from the user's temporary directory.
Publisher:
Bandoo Media, Inc.  (signed and verified)

MD5:
d85ce1ae30aef5d813461dc348622a68

SHA-1:
d8f40ded275670f1011f5a92b3ee96323a259305

SHA-256:
c630f46242f382288db3afc42fc2708c6dbbf793e6bb0ba4bdbac82bad11e9e3

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
4/19/2024 5:06:09 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Bandoo.BandooMedia (M)

Engine version:
16.2.5.11

File size:
1.7 MB (1,793,432 bytes)

File type:
Dynamic link library (Win64 DLL)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\x64\iebho.dll

Digital Signature
Authority:
Thawte, Inc.

Valid from:
2/24/2011 5:30:00 AM

Valid to:
2/24/2013 5:29:59 AM

Subject:
CN="Bandoo Media, Inc.", O="Bandoo Media, Inc.", L=Panama City, S=Panama, C=PA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
2C1E0DFD5207FCBA6225F6AE61587068

File PE Metadata
Compilation timestamp:
6/2/2011 2:00:38 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:HV+WqLdbqOuHhCW0KX3iwcaqirUK3kU24EM3:RXSQkU/3

Entry address:
0xBF56C

Entry point:
48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, 6F, 92, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, AB, FE, FF, FF, CC, CC, CC, 4C, 8B, DC, 4D, 89, 43, 18, 4D, 89, 4B, 20, 48, 83, EC, 38, 49, 8D, 43, 20, 45, 33, C9, 49, 89, 43, E8, E8, 09, 94, 00, 00, 48, 83, C4, 38, C3, CC, CC, CC, CC, CC, CC, 66, 66, 0F, 1F, 84, 00, 00, 00, 00, 00, 48, 2B, D1, 4C, 8B, CA, F6, C1, 07, 74, 1B, 8A...
 

Entropy:
6.2347

Code size:
1.1 MB (1,141,248 bytes)

The file iebho.dll has been discovered within the following program.

Windows Savevid Toolbar  by Bandoo Media Inc
This toolbar is typically bundled with the installation of the free iLivid software. Windows iLivid Toolbar by Bandoo for Internet Explorer collects and stores information about your web browsing habits in order to suggest services or provide advertising via the toolbar.
www.savevid.com
88% remove it
 
Powered by Should I Remove It?
