iepostwrapper.ocx

Internet Explorer ActiveX Wrapper

Tucows Inc.

The file iepostwrapper.ocx, “An ActiveX wrapper for the Internet Explorer for use with the Platypus Billing System” by Tucows, has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat.
Publisher:
Tucows Inc.  (signed and verified)

Product:
Internet Explorer ActiveX Wrapper

Description:
An ActiveX wrapper for the Internet Explorer for use with the Platypus Billing System.

Version:
7.00.2219

MD5:
42ed6541fd8858294f22882558fb72e2

SHA-1:
2193bc23436c384041dbefae2d6fa8ca1a644dbb

SHA-256:
58471cedeb70b848c529df652e1af137acee9858fc42bd4d8b93a767bbe80e2d

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
5/3/2024 8:37:02 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Tucows (M)

Engine version:
16.5.18.1

File size:
32.4 KB (33,144 bytes)

Product version:
7.00.2219

Copyright:
(C) Copyright 1996-2009, 2010 Tucows Inc. -- All Rights Reserved

Trademarks:
Platypus Billing System

Original file name:
IEPostWrapper7.ocx

File type:
OLE control extension (Win32 OCX)

Language:
English (United States)

Common path:
C:\windows\syswow64\iepostwrapper.ocx

Digital Signature
Signed by:

Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
4/29/2009 7:00:00 PM

Valid to:
4/30/2011 6:59:59 PM

Subject:
CN=Tucows Inc., OU=Platypus Billing System, O=Tucows Inc., L=Toronto, S=Ontario, C=CA

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
264D222837911D35F90821F7D3395837

File PE Metadata
Compilation timestamp:
3/29/2011 2:23:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
192:xyESx1FoVC3Z2QdCelDLmh1uy2IAYC90T1MzTA0577nWOeyowJL/jph:xyEOFS6ZBD+uyo90T1cTmYJL7

Entry address:
0x1248

Entry point:
5A, 68, A8, 3A, 00, 11, 68, AC, 3A, 00, 11, 52, E9, E9, FF, FF, FF, 00, 00, 00, A0, 00, 00, 00, 30, 00, 00, 00, 98, 00, 00, 00, 40, 00, 00, 00, 5B, FC, 05, 25, 9B, EC, FF, 40, AB, D9, 6A, 16, 67, 6A, 4D, 19, 00, 00, 00, 00, 02, 00, 1B, 00, 00, 00, 00, 00, 00, 00, 00, 00, 49, 45, 50, 6F, 73, 74, 57, 72, 61, 70, 70, 65, 72, 00, 00, 00, 41, 6E, 20, 41, 63, 74, 69, 76, 65, 58, 20, 77, 72, 61, 70, 70, 65, 72, 20, 66, 6F, 72, 20, 74, 68, 65, 20, 49, 6E, 74, 65, 72, 6E, 65, 74, 20, 45, 78, 70, 6C, 6F, 72, 65, 72...
 
Entropy:
4.1179

Developed / compiled with:
Microsoft Visual Basic v6.0

Code size:
8 KB (8,192 bytes)
