moviemode.48ca2aefa22d.dll

GenTechnologies Apps, LLC

This file is part of an adware program designed to inject advertising (banners, text links) into the web browser and to modify the browser's normal behavior. It belongs to the Injekt family of unwanted programs. The module moviemode.48ca2aefa22d.dll by GenTechnologies Apps has been detected as adware by 12 anti-malware scanners.
Publisher:
GenTechnologies Apps, LLC  (signed and verified)

MD5:
879bff1eafacd5a026a33a70b8b0a74d

SHA-1:
0349e49c5412bd806c173860fa7ac4ac9f9ff214

SHA-256:
fed86ac2501ec20302bf39dba16d477d061e648028116ba5e8840227c03036b8

Scanner detections:
12 / 68

Status:
Adware

Explanation:
Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads into the web browser and alters the browser's settings (home page, search provider, DNS, and security settings).

Analysis date:
5/7/2024 5:36:38 PM UTC

Scan engine                Detection                              Engine version
Lavasoft Ad-Aware          Adware.Agent.NUR                       506
Agnitum Outpost            PUA.PullUpdate                         7.1.1
Bitdefender                Adware.Agent.NUR                       1.0.20.1295
Emsisoft Anti-Malware      Adware.Agent.NUR                       8.15.09.16.03
ESET NOD32                 MSIL/Adware.PullUpdate                 9.9529
F-Secure                   Adware.Agent.NUR                       11.2015-16-09_4
G Data                     Adware.Agent.NUR                       15.9.24
herdProtect (fuzzy)                                               2015.9.16.15
Malwarebytes               Adware.SaMon                           v2015.09.16.03
Reason Heuristics          PUP.Injekt.GenTechnologiesApps (M)     15.8.8.12
Sophos                     Search Donkey                          4.98
VIPRE Antivirus            SearchDonkey                           27668

File size:
1.1 MB (1,152,656 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Windows\System32\moviemode.48ca2aefa22d.dll

Digital Signature
Authority:
COMODO CA Limited

Valid from:
5/30/2013 5:30:00 AM

Valid to:
5/31/2014 5:29:59 AM

Subject:
CN="GenTechnologies Apps, LLC", O="GenTechnologies Apps, LLC", STREET=640 Grand Avenue, STREET=Suite E, L=Carlsbad, S=California, PostalCode=92008, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
06D4A5EDA561071FC293924D6DFC6300

File PE Metadata
Compilation timestamp:
2/19/2014 11:31:32 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:4n8JU1VY9o8FomV1Q/QAn8btimCF2SErl++ZlvT4Nd2afynA:qx12ZFnVBtim4REU+jTidffynA

Entry address:
0xAC5C4

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 12, C1, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 80, 00, 00, 00, 72, 0E, 83, 3D, 94, 10, 11, 10, 00, 74, 05, E9, 65, C1, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03...

Entropy:
6.2532

Code size:
798 KB (817,152 bytes)

Report powered by Reason Core Security