» OfferMosquitoIEPlaceholder.dll
Overview
Analysis
File Details
Behaviors (1)

OfferMosquitoIEPlaceholder.dll

OfferMosquito

Bebo Media Ltd.

The module OfferMosquitoIEPlaceholder.dll by Bebo Media has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is installed within the context of Internet Explore as a BHO (Browser Helper Object) under the name ‘OfferMosquito’.

File name:

Publisher:

Bebo Media Ltd (signed by Bebo Media Ltd.)

Product:

OfferMosquito

Version:

1.0.0.1

MD5:

3cb9a766f18cda2d1addc250f3c6f185

SHA-1:

288943fd6cd762ad644c20a52b71d2e3742f0efc

Scanner detections:

1 / 68

Status:

Potentially unwanted

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

5/16/2025 10:39:00 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP (M)

16.9.2.21

File size:

149.9 KB (153,520 bytes)

Product version:

1.0.0.1

Original file name:

OfferMosquitoIEPlaceholder.dll

File type:

Dynamic link library (Win32 DLL)

Language:

German (Germany)

Common path:

C:\Documents and Settings\{user}\Application data\ext_offermosquito\offermosquitoieplaceholder.dll

Digital Signature

Signed by:

Bebo Media Ltd.

Authority:

GlobalSign nv-sa

Valid from:

10/15/2013 5:20:49 PM

Valid to:

10/16/2014 5:20:49 PM

Subject:

E=office@bebomedia.com, CN=Bebo Media Ltd., O=Bebo Media Ltd., L=Tortola, S=Tortola, C=VG

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121C31FCB2852745C71A0A38B8A13B20EF7

Registration

CLSID:

{82B16A3D-F03E-4565-A532-666B219C9A53}

COM registered:

Yes

File PE Metadata

Compilation timestamp:

8/30/2013 2:24:34 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

1536:XpSE58JiZTcPX398A6lcW9oiHI1p2M/8ntvDQUMvx0vObEkltj:XX8J42icW9o9X9/Qt7QUwxwObEkTj

Entry address:

0x116EA

Entry point:

E9, D1, 2D, 01, 00, E9, 4C, 49, 01, 00, E9, 67, 3A, 01, 00, E9, 32, 4B, 00, 00, E9, 9D, DC, 00, 00, E9, 48, BE, 00, 00, E9, 93, 80, 00, 00, E9, 6E, 1F, 01, 00, E9, 79, D2, 00, 00, E9, A4, 45, 00, 00, E9, DF, 26, 01, 00, E9, 3A, 12, 00, 00, E9, C5, 18, 01, 00, E9, 40, 04, 01, 00, E9, 7B, E4, 00, 00, E9, 46, 5D, 00, 00, E9, 71, 2D, 01, 00, E9, AC, 75, 00, 00, E9, A7, 89, 00, 00, E9, 72, 56, 00, 00, E9, E1, 48, 01, 00, E9, F8, 51, 00, 00, E9, 93, FD, 00, 00, E9, 7E, DE, 00, 00, E9, 19, B5, 00, 00, E9, 94, 30... 
[+]

Entropy:

5.1706

Developed / compiled with:

Microsoft Visual C++ 8.0 (Debug)

Code size:

102 KB (104,448 bytes)

Internet Explorer BHO

Display name:

OfferMosquito

CLSID:

{82B16A3D-F03E-4565-A532-666B219C9A53}

Remove OfferMosquitoIEPlaceholder.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.