_kttsti.dll

The module _kttsti.dll has been detected as a potentially unwanted program by 14 anti-malware scanners. It is installed within the context of Internet Explorer as a BHO (Browser Helper Object) under the name ‘tOpdeal’.
MD5:
0fd1c13afef54c0172118cc8b2015921

SHA-1:
92442f160867946be7f126dcd9e49f033c0f5c48

SHA-256:
26b97411c3b51d4754b587eaabebead2f9e2826f743218e8362a3c867968df8f

Scanner detections:
14 / 68

Status:
Potentially unwanted

Explanation:
JustPlugIt cross-browser extension/BHO, delivered via an adware installer (WebPick InstalleRex). It includes a background service (AssistantSvc) and randomizes file names.

Analysis date:
4/26/2024 11:01:02 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AhnLab V3 Security | Adware/Win32.Graftor | 2014.03.03 |
| Avira AntiVirus | ADWARE/Adware.Gen | 7.11.134.54 |
| AVG | Generic_r | 2015.0.3405 |
| Baidu Antivirus | Adware.Win32.MultiPlug | 4.0.3.14723 |
| Comodo Security | ApplicUnwnt.Win32.InstallRex.ALC | 17872 |
| ESET NOD32 | Win32/AdWare.MultiPlug (variant) | 8.9490 |
| G Data | Win32.Trojan.Multiplug | 14.7.24 |
| IKARUS anti.virus | AdWare.SProtector | t3scan.2.2.29 |
| Malwarebytes | PUP.Optional.MultiPlug.A | v2014.07.23.10 |
| McAfee | Adware-FHP | 5600.7061 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 14.7.23.10 |
| Rising Antivirus | PE:Malware.Adware!6.1293 | 23.00.65.14721 |
| Sophos | MultiPlug | 4.98 |
| VIPRE Antivirus | JustPlugIt | 27000 |

File size:
414.5 KB (424,448 bytes)

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\ProgramData\topdeal\_kttsti.dll

File PE Metadata
Compilation timestamp:
1/27/2014 7:07:01 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:ZYDtFWBplazqh2uUGo3yB66d5UKi4OJJ+uNmQDKUKg1Uz+5:ZYDtFWBWqh2m66XUz4U+FQDKxnz+5

Entry address:
0x33B31

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 61, 52, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, 88, 2C, 05, 10, E8, 70, 0D, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 4C, AF, 05, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, EC, B2, 04, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
261.5 KB (267,776 bytes)

Internet Explorer BHO
Display name:
tOpdeal

CLSID:
{6B874CFF-1129-5469-0971-2C37CEF10FBE}

