phdzogytod.dll

Great Apps

This is part of an adware program designed to inject advertising into the web browser (banners, text links) and to modify the browser's normal behavior. It belongs to the Injekt family of unwanted programs. The module phdzogytod.dll by Great Apps has been flagged as adware by 15 of the 68 anti-malware scanners used. The file carries a valid Authenticode signature issued to Great Apps (see Digital Signature below); a verified signature only ties the binary to that certificate holder and says nothing about whether the code is safe.
Publisher:
Great Apps (signed and verified)

Version:
1.0.0.1

MD5:
97fab0f91f35e0f3e587f8944cba25ec

SHA-1:
3455993295b10f41c826d506a4ef2f893f8b27ad

SHA-256:
1d053d16db124d7f243cd891e6fd7687d681024d5bcc7d2d87cb89781595c393

Scanner detections:
15 / 68

Status:
Adware

Explanation:
Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads into the web browser and alters the browser's settings (home page, search provider, DNS, and security protocols).

Analysis date:
4/18/2024 10:37:37 PM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | PUA.Agent | 7.1.1
AhnLab V3 Security | PUP/Win32.PullUpdate | 2015.04.18
Avira AntiVirus | ADWARE/PullUpdate.Gen | 3.6.1.96
AVG | Generic | 2016.0.3136
Baidu Antivirus | Adware.MSIL.PullUpdate | 4.0.3.15418
Bkav FE | W32.HfsAdware | 1.3.0.6379
Dr.Web | Adware.Yontoo.68 | 9.0.1.05190
ESET NOD32 | MSIL/Adware.PullUpdate.K.gen (variant) | 9.11493
K7 AntiVirus | Adware | 13.202.15637
Kaspersky | not-a-virus:AdWare.Win32.Agent | 15.0.0.543
Malwarebytes | PUP.Optional.ZombieInvasion.A | v2015.04.18.09
Reason Heuristics | Threat.Injekt.GreatApps | 15.4.18.4
Sophos | Generic PUA DE | 4.98
Trend Micro House Call | TROJ_GEN.R08NH07DI15 | 7.2.108
Vba32 AntiVirus | AdWare.Agent | 3.12.26.3

File size:
1.2 MB (1,240,536 bytes)

Product version:
1.0.0.1

Copyright:
Copyright (C) 2014

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\ProgramData\application data\lnhbzfxwl\dat\phdzogytod.dll

Digital Signature
Signed by:
Great Apps
Authority:
Symantec Corporation

Valid from:
2/16/2015 7:00:00 PM

Valid to:
2/17/2016 6:59:59 PM

Subject:
CN=Great Apps, O=Great Apps, L=St. Michael, S=St. Michael, C=BB

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
18DA5D77283E42E4EA6279778229FFBA

File PE Metadata
Compilation timestamp:
4/16/2015 10:40:55 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:YCqJWJVxlef25mazs5cPGnS16qvbvRQsq2cq9RxxHG:YCqWxQPcjGn0Xdq+xxHG

Entry address:
0x268B

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 4E, 26, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 30, BD, 00, 10, 89, 0D, 2C, BD, 00, 10, 89, 15, 28, BD, 00, 10, 89, 1D, 24, BD, 00, 10, 89, 35, 20, BD, 00, 10, 89, 3D, 1C, BD, 00, 10, 66, 8C, 15, 48, BD, 00, 10, 66, 8C, 0D, 3C, BD, 00, 10, 66, 8C, 1D, 18, BD, 00, 10, 66, 8C, 05, 14, BD, 00, 10, 66, 8C, 25, 10, BD, 00, 10, 66, 8C, 2D, 0C, BD, 00, 10, 9C, 8F, 05, 40, BD...

Entropy:
7.9778 (probably packed)

Code size:
28 KB (28,672 bytes)
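The hashes, size, PE header fields and entropy above are exactly what an analyst recomputes when triaging a file suspected to be this DLL. The following script is an added example written for this page, not code from the page or from Reason Core Security: it checks a file's MD5/SHA-1/SHA-256 and size against the indicators listed here, parses the DOS, COFF and PE32 optional headers with the standard library alone (no pefile), reports the same fields the page lists (compilation timestamp, entry address, OS and linker version, subsystem, code size, DLL flag) and flags high entropy. The packing threshold of 7.0 bits per byte is an assumed heuristic, and the sample PE built by `build_sample_pe()` is a constructed stand-in carrying the page's metadata values plus high-entropy filler; it is not the real phdzogytod.dll, so its hashes will not match the page's IOCs.

```python
"""Offline triage of a suspect PE against the indicators on this page (added example)."""
import hashlib
import math
import struct
import sys
from datetime import datetime, timezone

# Indicators copied from this page for phdzogytod.dll.
PAGE_IOCS = {
    "md5": "97fab0f91f35e0f3e587f8944cba25ec",
    "sha1": "3455993295b10f41c826d506a4ef2f893f8b27ad",
    "sha256": "1d053d16db124d7f243cd891e6fd7687d681024d5bcc7d2d87cb89781595c393",
    "size": 1240536,
}
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}
IMAGE_FILE_DLL = 0x2000
PACKED_ENTROPY_THRESHOLD = 7.0  # assumed heuristic; the page's 7.9778 is well above it


def hashes(data: bytes) -> dict:
    """The identity fields the page uses: MD5, SHA-1, SHA-256 and byte size."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "size": len(data),
    }


def ioc_matches(data: bytes, iocs: dict = PAGE_IOCS) -> dict:
    """Per-indicator comparison; a SHA-256 hit alone is conclusive, MD5 alone is not."""
    h = hashes(data)
    return {name: h[name] == value for name, value in iocs.items()}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte in 0.0..8.0; packed or encrypted content sits close to 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def parse_pe_header(data: bytes) -> dict:
    """Read DOS, COFF and PE32 optional header fields at their PE/COFF spec offsets."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    coff = e_lfanew + 4
    machine, _nsec, timestamp, _, _, _opt_size, characteristics = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20  # optional header directly follows the 20-byte COFF header
    magic, lnk_major, lnk_minor, size_of_code = struct.unpack_from("<HBBI", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 (Win32) images are handled here")
    entry = struct.unpack_from("<I", data, opt + 16)[0]          # AddressOfEntryPoint
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)  # MajorOperatingSystemVersion
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]      # Subsystem
    return {
        "machine": hex(machine),
        "is_dll": bool(characteristics & IMAGE_FILE_DLL),
        "compile_time_utc": datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "linker_version": f"{lnk_major}.{lnk_minor}",
        "size_of_code": size_of_code,
        "entry_point": entry,
        "os_version": f"{os_major}.{os_minor}",
        "subsystem": SUBSYSTEMS.get(subsystem, f"unknown ({subsystem})"),
    }


def triage(data: bytes) -> dict:
    """Everything the page records for the file, computed from the bytes themselves."""
    ent = shannon_entropy(data)
    return {
        "hashes": hashes(data),
        "ioc_match": ioc_matches(data),
        "pe": parse_pe_header(data),
        "entropy": round(ent, 4),
        "probably_packed": ent > PACKED_ENTROPY_THRESHOLD,
    }


def build_sample_pe() -> bytes:
    """Constructed stand-in (not the real DLL): a header-only PE32 DLL carrying the page's
    metadata values, followed by uniform filler so the entropy check fires."""
    compile_ts = int(datetime(2015, 4, 16, 22, 40, 55, tzinfo=timezone.utc).timestamp())
    dos = b"MZ" + bytes(0x3C - 2) + struct.pack("<I", 0x40)  # e_lfanew -> 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 0, compile_ts, 0, 0, 224, 0x2102)  # i386, EXECUTABLE|32BIT|DLL
    opt = struct.pack("<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH",
                      0x10B, 10, 0,                                   # PE32 magic, linker 10.0
                      28672, 0, 0, 0x268B, 0x1000, 0,                 # SizeOfCode .. BaseOfData
                      0x10000000, 0x1000, 0x200,                      # ImageBase, alignments
                      5, 1, 0, 0, 5, 1,                               # OS 5.1, image, subsystem ver
                      0, 0, 0, 0,                                     # Win32Ver, SizeOfImage, hdrs, checksum
                      2, 0)                                           # Subsystem = Windows GUI
    return dos + b"PE\0\0" + coff + opt.ljust(224, b"\0") + bytes(range(256)) * 16


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for key, value in triage(blob).items():
        print(f"{key}: {value}")
```

Run it with a file path to triage a real sample, or with no arguments to see the constructed one; on the real DLL the `ioc_match` entries and the `pe` fields should line up with the values listed on this page, and any mismatch in SHA-256 means you are looking at a different build, whatever the other fields say.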

Remove phdzogytod.dll - Powered by Reason Core Security