home

MemoThis.dll

MemoThis

ISFORU Co. Ltd.

It is installed within the context of Internet Explore as a BHO (Browser Helper Object) under the name ‘MemoThis’.
Publisher:
IsforU Co.,Ltd.  (signed by ISFORU Co. Ltd.)

Product:
MemoThis

Description:
MemoThis Client

Version:
11, 6, 12, 0

MD5:
9cfb500faeaa156e79eb8c5bb2c5cc68

SHA-1:
0b2a895da8ef6a1d9e73270df2436916672ab6e1

SHA-256:
577f79f928fd27eabd8033bf4cb3154422037e960df66cf6296d1c6fd2c08ae4

Scanner detections:
1 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
4/26/2024 12:57:53 PM UTC  (today)

Scan engine
Detection
Engine version

Malwarebytes
Adware.KorAd
v2014.04.28.05

File size:
218.9 KB (224,120 bytes)

Product version:
11, 6, 12, 0

Copyright:
Copyright (c) IsforU Co.,Ltd. All rights reserved.

Trademarks:
MemoThis

Original file name:
MemoThis.dll

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\users\{user}\appdata\roaming\memothis\memothis.dll

Digital Signature
Signed by:
ISFORU Co. Ltd.

Authority:
Thawte, Inc.

Valid from:
7/22/2010 9:00:00 AM

Valid to:
9/20/2012 8:59:59 AM

Subject:
CN=ISFORU Co. Ltd., OU=Dev Team, O=ISFORU Co. Ltd., L=Mapo-gu, S=Seoul, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
54C92AB2C9B41B853A81CAD82D42F77F

Registration
CLSID:
{C9F82DA9-F2FC-4AC0-86C2-A34A5C4E9073}

ProgID:
MemoThis.MemoThisBand.1

COM registered:
Yes

File PE Metadata
Compilation timestamp:
6/15/2011 1:09:08 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:JcZTU+sXsCmL/UfgyEVu9rjy9mbG10kZKEhOt4L9yE:JcZTU+scxMeP10kZthOt4LYE

Entry address:
0x20DEC

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, DA, 03, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, CC, FE, FF, FF, 59, 5D, C2, 0C, 00, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, C4, 2B, 03, 10, 33, C5, 50, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, C3, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, C4, 2B, 03, 10, 33, C5, 50, 89, 65, F0, FF, 75, FC, C7, 45, FC, FF, FF...
 
[+]

Entropy:
6.4042

Code size:
138.5 KB (141,824 bytes)

Internet Explorer BHO
CLSID:
{C9F82DA9-F2FC-4AC0-86C2-A34A5C4E9073}

CLSID name:
MemoThis


Scan MemoThis.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.