» plsapp.dll
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

plsapp.dll

Sendori, LLC

This is part of the Sendori web browser toolbar and extension that will modify the browser's default search provider, DNS, and home page functions. The module plsapp.dll by Sendori has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is installed as a Winsock Layered Service Provider (LSP) named “plsapp over [MSAFD Tcpip [TCP/IPv6]]” as a layered chain entry. This file is typically installed with the program PureLeads by Sendori, LLC which is a potentially unwanted software program.

File name:

plsapp.dll

Publisher:

Sendori (signed by Sendori, LLC)

Product:

plsapp.dll

Version:

2.2.7.6

MD5:

b6921fae14c62f53505367d983b346fc

SHA-1:

bb8c196bcdbed01ea857168cf4f563b43e8705d5

SHA-256:

fda36b25337ebac3e78d667bcb047d1f3821b674ac6ec732d5e39d60a6fd7ee8

Scanner detections:

1 / 68

Status:

Adware

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

4/24/2024 9:06:17 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Sendori.G

14.8.7.19

File size:

346.3 KB (354,592 bytes)

Product version:

2.2.7.6

File type:

Dynamic link library (Win32 DLL)

Language:

Language Neutral

Common path:

C:\Windows\System32\plsapp.dll

Digital Signature

Signed by:

Sendori, LLC

Authority:

VeriSign, Inc.

Valid from:

12/9/2013 7:00:00 PM

Valid to:

12/10/2014 6:59:59 PM

Subject:

CN="Sendori, LLC", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Sendori, LLC", L=Oakland, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

310642A25A6D9FB4A7E88E32D87A345F

File PE Metadata

Compilation timestamp:

11/13/2013 7:40:18 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

6144:3bdjrdjT8xpwlx+crMn8AWU/5/GV9EZa6GoWjzdCksCfL6cqIMvyoLJ:3bdjrdmwlx+crA8y5uVuaXojGLhMKoF

Entry address:

0x2B993

Entry point:

8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, C6, 80, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, FF, 35, 3C, 28, 05, 10, E8, A7, 24, 00, 00, 59, 85, C0, 74, 02, FF, D0, 6A, 19, E8, 68, 82, 00, 00, 6A, 01, 6A, 00, E8, 3E, 82, 00, 00, 83, C4, 0C, E9, 1F, 81, 00, 00, 8B, FF, 55, 8B, EC, 83, EC, 20, 53, 33, DB, 39, 5D, 0C, 75, 1D, E8, D9, E8, FF, FF, 53, 53, 53, 53, 53, C7, 00, 16, 00, 00, 00, E8, 0F, E1, FF, FF, 83, C4, 14, 83, C8, FF, EB, 4D, 8B, 45, 08, 3B, C3, 74... 
[+]

Entropy:

6.5778

Code size:

249 KB (254,976 bytes)

Winsock2 LSP

Name:

plsapp over [MSAFD Tcpip [TCP/IPv6]]

Type:

Layered Chain Entry

Provider ID:

{0E9183A7-5FE6-422F-8D25-374B9F9E3A5E}

The file plsapp.dll has been discovered within the following program.

PureLeads by Sendori, LLC

This adware program injects advertisements with its affiliate ad providers in order to serve a number of ad types including banner, inline text links and popups.

pureleads.com

72% remove it

Remove plsapp.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.