pageshots_x86.dll

Pageshots for Internet Explorer PRO

AD ON Multimedia Advertising GmbH

The module pageshots_x86.dll by AD ON Multimedia Advertising GmbH has been detected as adware by 2 anti-malware scanners. It is installed within the context of Internet Explorer as a BHO (Browser Helper Object) under the name ‘pageshotsbho’. This file is typically installed with the program PageshotsPro 1.0.0 by AD ON Multimedia Advertising GmbH, which is a potentially unwanted software program.
Publisher:
AD ON Multimedia Advertising GmbH  (signed and verified)

Product:
Pageshots for Internet Explorer PRO

Version:
1.0.0.1

MD5:
9c92224b786a4f1203378641c39c2aeb

SHA-1:
24a25bdae53245c918de47acbffe8e8a3978f8f5

SHA-256:
20b4d2bb8845f8fa92e93d03c3df329ddeb26b02ae3743dd4250db5a421d205e

Scanner detections:
2 / 68

Status:
Adware

Analysis date:
4/19/2024 1:43:54 AM UTC

Scan engine
Detection
Engine version

Malwarebytes
Adware.ADON
v2013.12.25.04

Reason Heuristics
PUP.BHO.ADONMultimediaAdvertisingGmbH.N
14.3.31.17

File size:
192.8 KB (197,432 bytes)

Product version:
1.0.0.1

Copyright:
(c) AD ON Multimedia Advertising GmbH. All rights reserved.

Original file name:
pageshots.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\ProgramData\pageshotspro\pageshots_x86.dll

Digital Signature
Authority:
The USERTRUST Network

Valid from:
12/1/2010 3:30:00 AM

Valid to:
12/1/2012 3:29:59 AM

Subject:
CN=AD ON Multimedia Advertising GmbH, O=AD ON Multimedia Advertising GmbH, STREET=Stephensonstraße 16, L=Potsdam, S=Brandenburg, PostalCode=14482, C=DE

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
2E582E4A477A2CE2CE22687D984DD3FE

Registration
CLSID:
{28CF50DA-4A17-4442-BBF9-D916BFDE072C}

COM registered:
Yes

File PE Metadata
Compilation timestamp:
12/7/2010 1:27:37 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:F2aUtTyryAYDxIwVsOOYI5aNvw1OhqbqeoHuuOCVUBiBw:FLUtTUYj9mawwhi9u1lm

Entry address:
0x10F05

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, BA, 74, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, 8B, FF, 55, 8B, EC, 83, EC, 10, A1, 80, BB, 02, 10, 33, C5, 89, 45, FC, 8B, 55, 18, 53, 33, DB, 56, 57, 3B, D3, 7E, 1F, 8B, 45, 14, 8B, CA, 49, 38, 18, 74, 08, 40, 3B, CB, 75, F6, 83, C9, FF, 8B, C2, 2B, C1, 48, 3B, C2, 7D, 01, 40, 89, 45, 18, 89, 5D, F8, 39, 5D, 24, 75, 0B, 8B, 45, 08, 8B, 00, 8B, 40, 04, 89, 45, 24, 8B, 35, 58, 30, 02, 10, 33, C0, 39, 5D, 28, 53, 53...
 
Entropy:
6.4948

Code size:
134 KB (137,216 bytes)

Internet Explorer BHO
Display name:
pageshotsbho

CLSID:
{28CF50DA-4A17-4442-BBF9-D916BFDE072C}

CLSID name:
Pageshots for Internet Explorer PRO


The file pageshots_x86.dll has been discovered within the following program.

PageshotsPro 1.0.0  by AD ON Multimedia Advertising GmbH
Pageshots is a malware web browser extension designed to take control of the user's browser in order to redirect web searches and inject advertising. In Internet Explorer the program runs as a Browser Helper Object.
pageshots.net
79% remove it
 
Powered by Should I Remove It?
