home

plus.dll

OPEN.co., ltd

The module plus.dll by OPEN.co., ltd has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
OPEN.s.  (signed by OPEN.co., ltd)

Version:
1.0.0.1

MD5:
5b1a8194781155ed4a338e766507aba3

SHA-1:
95b0768164e24d8ae9442df87e575567496fc578

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
5/1/2024 10:13:24 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP (M)
16.11.25.1

File size:
556.4 KB (569,800 bytes)

Product version:
1.0.0.0

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\plus on\plus.dll

Digital Signature
Signed by:
OPEN.co., ltd

Authority:
Thawte, Inc.

Valid from:
11/11/2010 9:00:00 AM

Valid to:
12/12/2011 8:59:59 AM

Subject:
CN="OPEN.co., ltd", O="OPEN.co., ltd", L=Busanjin-gu, S=Busan, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
6C7B063829C3429B03759FEF1CAA5B82

File PE Metadata
Compilation timestamp:
9/16/2011 11:10:21 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:DoMuKITmjm8fsJmgXItDgRDlO5VpWFlaM/QrO+A:DolKICK8fsJmgJDSVI7l+O+A

Entry address:
0x186EF5

Entry point:
B8, DC, 7B, 58, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, 08, E1, 48, 01, E9, 60, 60, 15, 83, EC, 30, 8B, 1D, 44, 24, 34, 1F, 48, 01, 53, 55, 56, BE, 01, BF, 2F, 8C, DE, D3, E3, 1E, 04, 78, 57, 3D, 78, 0C, E7, 1A, D6, D3, E2, 89, 0E, 41, 03, C8, B8, 1D, 37, 38, D0, E0, 33, ED, 2B, 72, DE, 0C, D6, 05, 36, 07, 1A, 89, 1D, 7C, 24, 20, 1D, 6C, 0D, 14, C6, 40, CB, 3E, 1A, 5C, BE, 38, BE, 54, B3, 3C, 23, 10, E3, 74, E3, 1C, 22, 09...
 
[+]

Entropy:
7.9810

Packer / compiler:
PECompact v2

Code size:
1.1 MB (1,154,560 bytes)

Remove plus.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.