searchdonkey.e3e38e2b3c8c.dll

WebAppTech Coding LLC

This is part of an adware program designed to inject advertising into the web browser (banners, text links), modify the browser's normal behavior, and change the system settings that control which applications run on startup. It is part of the Injekt brand of unwanted programs. The module searchdonkey.e3e38e2b3c8c.dll by WebAppTech Coding has been detected as adware by 14 anti-malware scanners. According to AVG, this software downloads additional adware offers during setup.
Publisher:
WebAppTech Coding LLC  (signed and verified)

MD5:
cbf15e21075a80987932e338c38b5dba

SHA-1:
9499359be502131027c1fe4e4409fe90f304f9f8

SHA-256:
3926acd706026de1f0d11aeac98d27563ea685630ca1b1042deb67feb30f1b60

Scanner detections:
14 / 68

Status:
Adware

Explanation:
Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads in the web browser and alters the browser's settings (home page, search, DNS, and security protocols).

Analysis date:
4/19/2024 6:04:19 AM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | PUA.SaMon | 7.1.1 |
| AVG | Downloader | 2016.0.3232 |
| Comodo Security | ApplicUnwnt | 18513 |
| ESET NOD32 | MSIL/Adware.PullUpdate (variant) | 9.9930 |
| Fortinet FortiGate | Adware/SaMon | 1/11/2015 |
| Kaspersky | not-a-virus:AdWare.Win32.SaMon | 14.0.0.2657 |
| McAfee | Artemis!CBF15E21075A | 5600.6888 |
| NANO AntiVirus | Riskware.Win32.PullUpdate.cymjqv | 0.28.0.60253 |
| Panda Antivirus | Trj/OCJ.F | 15.01.11.03 |
| Reason Heuristics | PUP.WebAppTechCoding.Y | 15.1.11.14 |
| Sophos | Generic PUA JE | 4.98 |
| Trend Micro House Call | TROJ_GEN.F47V0604 | 7.2.11 |
| Vba32 AntiVirus | AdWare.SaMon | 3.12.26.0 |
| VIPRE Antivirus | Injekt | 30198 |

File size:
1.1 MB (1,161,080 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\windows\syswow64\searchdonkey.e3e38e2b3c8c.dll

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
12/24/2013 12:00:00 AM

Valid to:
12/24/2014 11:59:59 PM

Subject:
CN=WebAppTech Coding LLC, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=WebAppTech Coding LLC, L=Grandville, S=Michigan, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1A6411A4888DF6223DF9C572F9BE2E96

File PE Metadata
Compilation timestamp:
4/24/2014 10:29:47 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:u/CjbVOpgkf25dk+P5Rcp7Ass9wVuwDIEkc3XLswTJfjTiJ:IWV4gO2fk+DwVuw0Ekc3X5TdTk

Entry address:
0xACF14

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, E2, D2, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 80, 00, 00, 00, 72, 0E, 83, 3D, 94, 30, 11, 10, 00, 74, 05, E9, 35, D3, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03...
 

Entropy:
6.2589

Code size:
805.5 KB (824,832 bytes)
