pageshots_x64.dll

Pageshots for Internet Explorer PRO

AD ON Multimedia Advertising GmbH

The module pageshots_x64.dll by AD ON Multimedia Advertising GmbH has been detected as adware by 2 anti-malware scanners. This file is typically installed with the program PageshotsPro 1.0.0 by AD ON Multimedia Advertising GmbH, which is a potentially unwanted software program.
Publisher:
AD ON Multimedia Advertising GmbH  (signed and verified)

Product:
Pageshots for Internet Explorer PRO

Version:
1.0.0.1

MD5:
60311a68169b35e1eb0fca9bd6f3a358

SHA-1:
28d59cbefc5eaa5a985f8af0b6b964adeb36b171

SHA-256:
2f0e166e039e4629683358827fb2b94d4cc361473afc14b3f904e7c8004c3f5d

Scanner detections:
2 / 68

Status:
Adware

Analysis date:
4/26/2024 7:52:47 AM UTC  (today)

Scan engine | Detection | Engine version
Malwarebytes | Adware.ADON | v2014.09.07.06
Reason Heuristics | PUP.ADONMultimediaAdvertisingGmbH.N | 14.9.7.6

File size:
222.3 KB (227,640 bytes)

Product version:
1.0.0.1

Copyright:
(c) AD ON Multimedia Advertising GmbH. All rights reserved.

Original file name:
pageshots.dll

File type:
Dynamic link library (Win64 DLL)

Language:
English (United States)

Common path:
C:\ProgramData\pageshotspro\pageshots_x64.dll

Digital Signature
Authority:
The USERTRUST Network

Valid from:
12/1/2010 3:00:00 AM

Valid to:
12/1/2012 2:59:59 AM

Subject:
CN=AD ON Multimedia Advertising GmbH, O=AD ON Multimedia Advertising GmbH, STREET=Stephensonstraße 16, L=Potsdam, S=Brandenburg, PostalCode=14482, C=DE

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
2E582E4A477A2CE2CE22687D984DD3FE

Registration
CLSID:
{28CF50DA-4A17-4442-BBF9-D916BFDE072C}

COM registered:
Yes

File PE Metadata
Compilation timestamp:
12/7/2010 12:58:11 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:oN0g4UwubROykAx3DKk5+0qUU5GTfa7xU64ItAxRH3C/YyT8KzVR3:oF4UNsnA5Dl7qUDTfa7xU6heDXC/8Q

Entry address:
0x12A44

Entry point:
48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, D3, 86, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, A7, FE, FF, FF, CC, CC, CC, 40, 55, 41, 54, 41, 55, 41, 56, 41, 57, 48, 83, EC, 50, 48, 8D, 6C, 24, 40, 48, 89, 5D, 40, 48, 89, 75, 48, 48, 89, 7D, 50, 48, 8B, 05, E6, F7, 01, 00, 48, 33, C5, 48, 89, 45, 08, 8B, 5D, 60, 33, FF, 4D, 8B, F1, 45, 8B, F8, 89, 55, 00, 85, DB, 7E, 2A, 44...
 

Entropy:
6.1613

Code size:
143.5 KB (146,944 bytes)

The file pageshots_x64.dll has been discovered within the following program.

PageshotsPro 1.0.0  by AD ON Multimedia Advertising GmbH
Pageshots is a malware web browser extension designed to take control of the user's browser in order to redirect web searches and inject advertising. In Internet Explorer the program runs as a Browser Helper Object.
pageshots.net
79% remove it
 