home

radsteroids.33aabcf1ad13.2.6.80.dll

Deals Interactive Media, LLC

This is part of an adware program designed to inject advertising in the web browser (banners, text-links) as well as modify the normal behavior of the browser as well as modify the computer’s system settings that control applications to run on startup. Part of the Injekt brand of unwanted programs. The module radsteroids.33aabcf1ad13.2.6.80.dll by Deals Interactive Media has been detected as adware by 20 anti-malware scanners.
Publisher:
Deals Interactive Media, LLC  (signed and verified)

MD5:
c20d5bde5a3540600d9e9cff5cc76a31

SHA-1:
5f5c5c4f792342d4500cb96af7f40d591d56c2fb

SHA-256:
028ca27f89f34664978b50af2384477eb5bb871661b37aae2ac3f6a12fa4e534

Scanner detections:
20 / 68

Status:
Adware

Explanation:
Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads in the web browser as well as alters the browsers settings (home page, search, DNS, and security protocols).

Analysis date:
5/6/2024 7:56:05 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.Agent.NUR
1002

Agnitum Outpost
PUA.PullUpdate
7.1.1

Bitdefender
Adware.Agent.NUR
1.0.20.645

Comodo Security
ApplicUnwnt
18072

Emsisoft Anti-Malware
Adware.Agent.NUR
8.14.05.09.12

ESET NOD32
MSIL/Adware.PullUpdate (variant)
8.9746

Fortinet FortiGate
Adware/PullUpdate
5/9/2014

F-Secure
Adware.Agent.NUR
11.2014-09-05_6

G Data
Adware.Agent.NUR
14.5.24

IKARUS anti.virus
AdWare.Agent
t3scan.1.6.1.0

K7 AntiVirus
Unwanted-Program
13.176.11696

Malwarebytes
PUP.Optional.ZombieAlert.A
v2014.05.09.12

McAfee
Artemis!63096AB97672
5600.7136

MicroWorld eScan
Adware.Agent.NUR
15.0.0.387

nProtect
Adware.Agent.NUR
14.04.08.01

Qihoo 360 Security
Win32/Trojan.Adware.fdf
1.0.0.1015

Reason Heuristics
PUP.DealsInteractiveMedia.BB
14.5.1.22

Sophos
Search Donkey
4.98

Trend Micro House Call
TROJ_GEN.F47V0323
7.2.129

VIPRE Antivirus
SearchDonkey
28144

File size:
1.1 MB (1,161,080 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Windows\System32\radsteroids.33aabcf1ad13.2.6.80.dll

Digital Signature
Signed by:
Deals Interactive Media, LLC

Authority:
VeriSign, Inc.

Valid from:
4/1/2014 5:00:00 PM

Valid to:
7/2/2015 4:59:59 PM

Subject:
CN="Deals Interactive Media, LLC", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Deals Interactive Media, LLC", L=Houston, S=Texas, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
293C89819F1335C143553D8C2A0EF766

File PE Metadata
Compilation timestamp:
4/28/2014 1:57:07 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:WvCDLVOpW8fexXc1P5RHmDA5M3wdn9GZUk1HXLUmjJvjTnXH:QWV4Wme9c1iwdn9AUk1HXzjdTXH

Entry address:
0xACF14

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, E2, D2, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 80, 00, 00, 00, 72, 0E, 83, 3D, 94, 30, 11, 10, 00, 74, 05, E9, 35, D3, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03...
 
[+]

Entropy:
6.2588

Code size:
805.5 KB (824,832 bytes)

Remove radsteroids.33aabcf1ad13.2.6.80.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.