home

productinfo.dll

DoubleD Advertising Limited

The module productinfo.dll by DoubleD Advertising Limited has been detected as a potentially unwanted program by 29 anti-malware scanners. The file has been seen being downloaded from download2.desktopsmiley.com.
Publisher:
DoubleD Advertising Limited  (signed and verified)

Version:
4,1,3,20290

MD5:
fe2a667c60fdd76aafecf9eae71ec903

SHA-1:
19a615d92432d18f1c4967c11cc69b73a8499a46

SHA-256:
40bec1ae74555ed9811c3531aba692716c25d0fe789696e995e644b8e2a40496

Scanner detections:
29 / 68

Status:
Potentially unwanted

Analysis date:
5/22/2024 2:09:17 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Adware.DoubleD
7.1.1

AhnLab V3 Security
Win-Adware/ToolBar.DoubleD.180504.B
2013.02.19

Avira AntiVirus
ADWARE/Adware.Gen
7.11.14.0

avast!
Win32:Adware-gen [Adw]
2014.9-141119

AVG
Generic4
2015.0.3285

Bitdefender
Application.Generic.323919
1.0.20.1615

Clam AntiVirus
Trojan.Agent-265072
0.98/18155

Comodo Security
ApplicUnwnt.Win32.Adware.DoubleD.D0
9882

Dr.Web
Adware.DoubleD.7
9.0.1.0323

Emsisoft Anti-Malware
Application.SuspectCRC!IK
8.14.11.19.01

ESET NOD32
Win32/Adware.DoubleD
8.6414

Fortinet FortiGate
Riskware/PUP_x
12/16/2014

F-Prot
W32/Adware.AESL
v6.4.6.2.117

F-Secure
Adware:W32/DoubleD.gen!A
11.2014-19-11_4

G Data
Application.Generic.323919
14.11.22

IKARUS anti.virus
Application.SuspectCRC
t3scan.1.1.107.0

K7 AntiVirus
Adware
13.111.5060

McAfee
Artemis!FE2A667C60FD
5600.6941

MicroWorld eScan
Application.Generic.285890
15.0.0.1050

NANO AntiVirus
Trojan.Win32.DoubleD.eaucz
0.22.8.50637

Norman
W32/Suspicious_Gen2.OHGFA
11.20141119

nProtect
Adware.DoubleD.D
11.08.26.02

Panda Antivirus
Trj/CI.A
14.12.16.11

Reason Heuristics
PUP.DoubleDAdvertisingLimited.L
14.11.19.13

SUPERAntiSpyware
Adware.Generic
10173

Trend Micro House Call
ADW_DOUBLED
7.2.323

Trend Micro
ADW_DOUBLED
10.465.19

Vba32 AntiVirus
Win32.Adware.DoubleD
3.12.16.4

VIPRE Antivirus
Trojan.Win32.Adware
10277

File size:
176.3 KB (180,504 bytes)

Product version:
4,1,3,20290

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\ProgramData\application data\{f444439b-b473-48e8-8de5-4cb929c79a9f}\offline\ce8732d\3e688669\productinfo.dll

Digital Signature
Signed by:
DoubleD Advertising Limited

Authority:
The USERTRUST Network

Valid from:
1/21/2009 12:00:00 AM

Valid to:
1/21/2010 11:59:59 PM

Subject:
CN=DoubleD Advertising Limited, O=DoubleD Advertising Limited, STREET=15/F TOWER 1 GRAND CENTRAL, STREET=PLAZA 138 SHATIN RURAL, STREET=COMMITTEE RD SHATIN NT, L=HONG KONG, S=HONG KONG, PostalCode=N/A, C=HK

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
519F1E2F73EB9C0F7DFAAC4816B292D3

File PE Metadata
Compilation timestamp:
7/13/2009 10:11:55 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
1536:9FLfrLq1YD5qEqqbMsq+fdwWmJ5TWo4+2Yy9IWKaWph3YgBgF8Ssvu8B+Ktv89o2:jfUOBqXse1Tt2YyO/YMVu8B+KtvfhO9

Entry address:
0x7260

Entry point:
83, 7C, 24, 08, 01, 75, 05, E8, 9E, 2E, 00, 00, FF, 74, 24, 04, 8B, 4C, 24, 10, 8B, 54, 24, 0C, E8, ED, FE, FF, FF, 59, C2, 0C, 00, 6A, 0C, 68, E8, 1B, 02, 10, E8, 5F, 01, 00, 00, 8B, 75, 08, 85, F6, 74, 75, 83, 3D, 7C, 9A, 02, 10, 03, 75, 43, 6A, 04, E8, EF, 30, 00, 00, 59, 83, 65, FC, 00, 56, E8, 5D, 31, 00, 00, 59, 89, 45, E4, 85, C0, 74, 09, 56, 50, E8, 79, 31, 00, 00, 59, 59, C7, 45, FC, FE, FF, FF, FF, E8, 0B, 00, 00, 00, 83, 7D, E4, 00, 75, 37, FF, 75, 08, EB, 0A, 6A, 04, E8, DD, 2F, 00, 00, 59, C3...
 
[+]

Entropy:
6.3990

Code size:
116 KB (118,784 bytes)

The file productinfo.dll has been seen being distributed by the following URL.

http://download2.desktopsmiley.com/toolbar/gamingharbor/download/toolbar/.../productinfo.dll

Remove productinfo.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.