» Rolimno.Common.dll
Overview
Analysis
File Details
Programs (2)

Rolimno.Common.dll

Rolimno

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The module Rolimno.Common.dll by Rolimno has been detected as adware by 3 anti-malware scanners. Additionally, the file is typically installed by a number of programs including Rolimno 1.0.0 by Yontoo Technology, Inc. and Buzzdock by Alactro LLC, both potentially unwanted software. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.

File name:

Rolimno.Common.dll

Publisher:

Rolimno (signed and verified)

Description:

Rolimno Common

Version:

1.0.0.0

MD5:

c8864d6135d22c49e7e21d3f17c52238

SHA-1:

d406d6dde46f61bcf422c9df01225875e40b96fe

SHA-256:

ca9de00e1af05cd65093d7cc3db2e5ef1dfa200465d1bbeee652881a1c681592

Scanner detections:

3 / 68

Status:

Adware

Explanation:

Injects advertising in the web browser in various formats.

Analysis date:

4/23/2024 5:45:40 PM UTC (today)

Scan engine

Detection

Engine version

Dr.Web

Adware.Plugin.100

9.0.1.0204

ESET NOD32

MSIL/BrowseFox (variant)

8.8776

Reason Heuristics

PUP.Rolimno.N

14.8.8.0

File size:

13.8 KB (14,104 bytes)

Product version:

1.0.0.0

Original file name:

Rolimno.Common.dll

File type:

Dynamic link library (Win32 DLL)

Language:

Language Neutral

Common path:

C:\Program Files\rolimno\rolimno.common.dll

Digital Signature

Signed by:

Rolimno

Authority:

VeriSign, Inc.

Valid from:

8/12/2013 7:00:00 PM

Valid to:

8/13/2015 6:59:59 PM

Subject:

CN=Rolimno, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Rolimno, L=San Diego, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

0D2645238961D2084208FC4B5B89E7FD

File PE Metadata

Compilation timestamp:

8/20/2013 5:38:21 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

11.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

192:dgv+H2m6aLwnwlMueTXFGWN62tronYe+PjPzrHuLS+vYCIr9ZCspE+TMQrVYHk:dgK6SVMueTXFPcnYPLnuLuMeMQj

Entry address:

0x354E

Entry point:

FF, 25, 00, 20, 00, 10, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

6.2747

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

5.5 KB (5,632 bytes)

The file Rolimno.Common.dll has been discovered within the following programs.

Buzzdock by Alactro LLC

This is a web browser extension that injects advertising. From the EULA: "Buzzdock is free to download and use. Buzzdock is supported by advertising, and users will see additional ads on websites where Buzzdock features operate.

www.buzzdock.com/faq-support

79% remove it

Rolimno 1.0.0 by Yontoo Technology, Inc.

Rolimno is an adware web browser extension designed to take control of the user's browser in order to redirect web searches and inject advertising. In Internet Explorer the program run as a Browser Helper Object.

rolimno.net/support

85% remove it

Remove Rolimno.Common.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.