home

RebateI.dll

RebateInformer

Valion Group, LLC

The module RebateI.dll, “RebateInformer Browser Object” by Valion Group has been detected as adware by 12 anti-malware scanners. It is installed within the context of Internet Explore as a BHO (Browser Helper Object) under the name ‘’.
Publisher:
Valion Group  (signed by Valion Group, LLC)

Product:
RebateInformer

Description:
RebateInformer Browser Object

Version:
2.0.0.19

MD5:
77a3d76ebea8fc5558e436d95b2004d3

SHA-1:
d943cb4f32cc8a658f02919a16f69185ef40bf65

SHA-256:
e73f0685af7a772d830686fc9f804fd87eb6f085430deeb7215a9f8a1de50fac

Scanner detections:
12 / 68

Status:
Adware

Analysis date:
4/19/2024 3:15:27 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
TR/Trash.Gen
7.11.30.172

AVG
Generic
2017.0.2859

Baidu Antivirus
Adware.Win32.Inbox
4.0.3.16120

Bkav FE
W32.HfsAdware
1.3.0.7383

Dr.Web
Trojan.Damaged.1
9.0.1.020

ESET NOD32
Win32/Toolbar.Inbox.I potentially unwanted application
10.7.0.302.0

McAfee
Artemis!1D04C6AE1273
5600.6515

Reason Heuristics
PUP.ValionGroup (M)
16.1.20.1

SUPERAntiSpyware
Trojan.Agent/Gen-Nullo[Short]
9375

Trend Micro House Call
Suspicious_GEN.F47V0627
7.2.20

Trend Micro
ADW_BHO
10.465.20

VIPRE Antivirus
Threat.4729122
29708

File size:
1.8 MB (1,884,544 bytes)

Product version:
2.0.0.19

Copyright:
Valion Group

Original file name:
RebateI.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\rebateinformer\rebatei.dll

Digital Signature
Signed by:
Valion Group, LLC

Authority:
VeriSign, Inc.

Valid from:
3/25/2014 7:00:00 PM

Valid to:
3/25/2017 6:59:59 PM

Subject:
CN="Valion Group, LLC", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Valion Group, LLC", L=Wilmington, S=Delaware, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
6C9EC9E8E4510A62474089046563ED77

File PE Metadata
Compilation timestamp:
10/16/2014 5:08:16 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:W1a4EGkCs96HAqW5BZN/eUlCiQAco3ygFdWjKNrWTAbxUYCqs6wIH0:Wx1s96gR7so3ygzETAbxwqaIU

Entry address:
0x183ECC

Entry point:
55, 8B, EC, 83, C4, C0, B8, 6C, 91, 57, 00, E8, 64, B8, E8, FF, E8, F7, 64, E8, FF, 8D, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
6.6986

Developed / compiled with:
Microsoft Visual C++

Code size:
1.5 MB (1,582,592 bytes)

Internet Explorer BHO
CLSID:
{CCB69577-088B-4004-9ED8-FF5BCC83A039}


Remove RebateI.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.