» OfferMosquitoIEPlaceholder.dll
Overview
Analysis
File Details
Behaviors (1)

OfferMosquitoIEPlaceholder.dll

OfferMosquito

HTTO GROUP Ltd

The module OfferMosquitoIEPlaceholder.dll by HTTO GROUP has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is installed within the context of Internet Explore as a BHO (Browser Helper Object) under the name ‘OfferMosquito’.

File name:

Publisher:

Bebo Media Ltd (signed by HTTO GROUP Ltd)

Product:

OfferMosquito

Version:

1.0.0.1

MD5:

4a9e3b0d95a5570b6273fbb0abff9f68

SHA-1:

b076c163c389920d7faa3bf765b420b7df5e58a9

SHA-256:

9f23dc9c468ca23a707146a8b5bfe93e58aca2e344c9fdbdbc3cb5ee0da56a37

Scanner detections:

1 / 68

Status:

Adware

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

4/24/2024 9:19:47 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.HTTOGROU (M)

16.6.29.18

File size:

149.9 KB (153,464 bytes)

Product version:

1.0.0.1

Original file name:

OfferMosquitoIEPlaceholder.dll

File type:

Dynamic link library (Win32 DLL)

Language:

German (Germany)

Common path:

C:\users\{user}\appdata\local\ext_offermosquito\offermosquitoieplaceholder.dll

Digital Signature

Signed by:

HTTO GROUP Ltd

Authority:

GlobalSign nv-sa

Valid from:

4/22/2013 11:38:58 AM

Valid to:

7/9/2014 2:34:45 PM

Subject:

CN=HTTO GROUP Ltd, O=HTTO GROUP Ltd, L=Tel Aviv, C=IL

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

11212AE9900EBFFE61AB8B6D8840612E82CC

File PE Metadata

Compilation timestamp:

8/29/2013 9:24:34 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

1536:UpSE58JiZTcPX398A6lcW9oiHI1p2M/8ntvDQUMvx0vObEklt:UX8J42icW9o9X9/Qt7QUwxwObEkT

Entry address:

0x116EA

Entry point:

E9, D1, 2D, 01, 00, E9, 4C, 49, 01, 00, E9, 67, 3A, 01, 00, E9, 32, 4B, 00, 00, E9, 9D, DC, 00, 00, E9, 48, BE, 00, 00, E9, 93, 80, 00, 00, E9, 6E, 1F, 01, 00, E9, 79, D2, 00, 00, E9, A4, 45, 00, 00, E9, DF, 26, 01, 00, E9, 3A, 12, 00, 00, E9, C5, 18, 01, 00, E9, 40, 04, 01, 00, E9, 7B, E4, 00, 00, E9, 46, 5D, 00, 00, E9, 71, 2D, 01, 00, E9, AC, 75, 00, 00, E9, A7, 89, 00, 00, E9, 72, 56, 00, 00, E9, E1, 48, 01, 00, E9, F8, 51, 00, 00, E9, 93, FD, 00, 00, E9, 7E, DE, 00, 00, E9, 19, B5, 00, 00, E9, 94, 30... 
[+]

Developed / compiled with:

Microsoft Visual C++ 8.0 (Debug)

Code size:

102 KB (104,448 bytes)

Internet Explorer BHO

Display name:

OfferMosquito

CLSID:

{82B16A3D-F03E-4565-A532-666B219C9A53}

Remove OfferMosquitoIEPlaceholder.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.