home

melondreabho.dll

melondrea

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The module melondreabho.dll by melondrea has been detected as adware by 23 anti-malware scanners. It is installed within the context of Internet Explore as a BHO (Browser Helper Object) under the name ‘melondrea’. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
melondrea  (signed and verified)

Product:
melondrea

Version:
1.0.0.3

MD5:
94d2da7365a1ecc58076cfaa6c21477b

SHA-1:
c3c59e5364fc8a4c032308d017500390b6e59163

SHA-256:
edebe8598932199366fe858fa6a6215c95dd066094d49d10d65a1222ed8d60c0

Scanner detections:
23 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
4/24/2024 3:22:01 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.Agent
7.1.1

Avira AntiVirus
APPL/BrowseFox.Gen2
7.11.144.32

AVG
MalSign.Melond
2015.0.3500

Baidu Antivirus
Adware.Win32.Agent
4.0.3.14418

Comodo Security
Application.Win32.Altbrowse.AK
18124

Dr.Web
Trojan.BPlug.17
9.0.1.0108

ESET NOD32
Win32/BrowseFox (variant)
8.9692

Fortinet FortiGate
Adware/Agent
4/18/2014

G Data
Win32.Application.BrowseFox
14.4.24

herdProtect (fuzzy)
variant of qualitinkbho.dll (Adware)
2014.7.7.10

IKARUS anti.virus
not-a-virus:AdWare.Win32.Agent
t3scan.1.6.1.0

K7 AntiVirus
Unwanted-Program
13.176.11711

Kaspersky
not-a-virus:AdWare.Win32.Agent
14.0.0.3996

Malwarebytes
PUP.Optional.Melondrea.A
v2014.04.18.05

McAfee
Artemis!94D2DA7365A1
5600.7156

NANO AntiVirus
Riskware.Win32.Agent.crkvek
0.28.0.59288

Quick Heal
AdWare.Agent.ahbx (Not a Virus)
4.14.12.00

Reason Heuristics
Adware.Yontoo.melondrea.M
14.4.18.17

Sophos
Generic PUA MD
4.98

SUPERAntiSpyware
Adware.BrowseFox/Variant
10658

Trend Micro House Call
TROJ_GEN.F47V0418
7.2.108

Vba32 AntiVirus
AdWare.Agent
3.12.26.0

VIPRE Antivirus
Yontoo
28346

File size:
243.8 KB (249,632 bytes)

Product version:
1.0.0.3

Copyright:
(c) melondrea. All rights reserved.

Original file name:
melondreaIEClient.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\melondrea\melondreabho.dll

Digital Signature
Signed by:
melondrea

Authority:
VeriSign, Inc.

Valid from:
11/27/2013 1:00:00 AM

Valid to:
11/28/2014 12:59:59 AM

Subject:
CN=melondrea, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=melondrea, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1E3D0BA5A8E3C43BCD552347B3BB8B2B

File PE Metadata
Compilation timestamp:
4/18/2014 2:27:52 AM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:S3zAFVxVbC/hm4w9uRil2D/IDJHedRpjP+21IaIHIf5Xay5:S3zeK92ukDIdHLR1IoxKy5

Entry address:
0x12844

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 41, 8D, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, 30, 2D, 03, 10, E8, BD, 01, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 24, 68, 03, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, 8C, A1, 02, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
159 KB (162,816 bytes)

Internet Explorer BHO
Display name:
melondrea

CLSID:
{16f059cb-3d3f-4ecc-b426-bafa47233676}


Remove melondreabho.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.