mckschs.dll

DivineMedia Inc.

The module mckschs.dll by DivineMedia has been detected as adware by 39 anti-malware scanners. It is installed within the context of Internet Explorer as a BHO (Browser Helper Object) under the name ‘mckschgoopg.mckschgoo’.
Remove mckschs.dll - Powered by Reason Core Security
Publisher:
mcksch  (signed by DivineMedia Inc.)

Product:
mcksch

Version:
1.00

MD5:
f537fc2f29a5a2abfcf20a616fa95706

SHA-1:
d6ad2bce966f3663cd2694fc4c9b0e38efbe3c53

SHA-256:
323b49ea5f183f97e151f984be38f5896edf6b09cd9acae236e67819da2ef237

Scanner detections:
39 / 68

Status:
Adware

Analysis date:
12/10/2016 7:41:39 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AhnLab V3 Security | PUP/Win32.Helper | 14.06.10 |
| Avira AntiVirus | TR/Msidebar.C.254 | 7.11.142.34 |
| avast! | Win32:Adware-AZC [Adw] | 2014.9-140610 |
| ESET NOD32 | Win32/Msidebar (variant) | 8.9653 |
| Fortinet FortiGate | W32/Msidebar.A!tr | 6/10/2014 |
| IKARUS anti.virus | Trojan.Win32.Msidebar | t3scan.1.6.1.0 |
| McAfee | Artemis!F537FC2F29A5 | 5600.7103 |
| McAfee Web Gateway | Artemis!F537FC2F29A5 | 7.7103 |
| Microsoft Security Essentials | Trojan:Win32/Msidebar.C | 1.10401 |
| Qihoo 360 Security | Win32/Trojan.932 | 1.0.0.1015 |
| Reason Heuristics | PUP.BHO.DivineMedia.H | 14.8.8.0 |
| Sophos | Mal/Generic-S | 4.98 |
| Trend Micro House Call | TROJ_GEN.F47V0406 | 7.2.161 |
| VIPRE Antivirus | Trojan.Win32.Generic | 28148 |

File size:
127.5 KB (130,520 bytes)

Product version:
1.00

Original file name:
mckschs.dll

File type:
Dynamic link library (Win32 DLL)

Language:
Korean (Korea)

Common path:
C:\Program Files\mg internet platform\mckschs.dll

Digital Signature
Authority:
Thawte, Inc.

Valid from:
12/3/2012 6:00:00 PM

Valid to:
1/3/2015 5:59:59 PM

Subject:
CN=DivineMedia Inc., OU=Planning Dept, O=DivineMedia Inc., L=Guro-gu, S=Seoul, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
70D6D72340C00A54AEEB109E10818B2B

File PE Metadata
Compilation timestamp:
3/27/2014 12:21:11 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:s+fQEYybpv+xifH6Vt7n+ZmRQLaHX+O9NUqjQm98Iqlgn:hQubpDH6Vt7n+Vmu

Entry address:
0x21FC

Entry point:
5A, 68, DC, A6, 01, 11, 68, E0, A6, 01, 11, 52, E9, E9, FF, FF, FF, 00, 00, 00, 48, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 3E, 77, 6E, D7, 10, E2, A8, 47, A7, E1, 9E, B6, 92, 8D, E9, CD, 00, 00, 00, 00, 00, 00, 05, 00, 00, 00, 00, 00, 00, 00, D0, 02, 6D, 63, 6B, 73, 63, 68, 67, 6F, 6F, 70, 67, 00, 00, 00, 00, 00, 00, 00, FB, FA, FC, F7, FC, FB, C0, 00, 00, 00, 90, 00, 00, 00, 00, 00, 00, 00, 02, 00, 00, 00, 04, 00, 00, 00, EE, CA, 63, 5D, 68, BD, D5, 43, A4, 78, E3, 3D, 85, 6C, D8, 3B...
 

Entropy:
5.8214

Developed / compiled with:
Microsoft Visual Basic v6.0

Code size:
96 KB (98,304 bytes)

Internet Explorer BHO
CLSID:
{560F41A8-711E-4B75-BBB8-71C853DDC874}

CLSID name:
mckschgoopg.mckschgoo

