searchdonkey.e3e38e2b3c8c.dll

WebAppTech Coding LLC

This file is part of an adware program designed to inject advertising (banners, text links) into the web browser and to modify the browser's normal behavior. It belongs to the Injekt brand of unwanted programs. The module searchdonkey.e3e38e2b3c8c.dll by WebAppTech Coding has been detected as adware by 17 anti-malware scanners.
Publisher:
WebAppTech Coding LLC  (signed and verified)

MD5:
3525dde7c021d04cf1e10f225e7e08b2

SHA-1:
d7aa94483d1d5852719b2eeefe2301a19ca5ab0c

SHA-256:
29e8378f7f1916e2f84f37f0126ec89d4ee977cdaf0e63a6ba161497aa982f98

Scanner detections:
17 / 68

Status:
Adware

Explanation:
Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads in the web browser, and alters the browser's settings (home page, search, DNS, and security protocols).

Analysis date:
4/26/2024 2:15:29 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | PUA.PullUpdate | 7.1.1 |
| Avira AntiVirus | ADWARE/Adware.Gen | 7.11.199.188 |
| AVG | Generic | 2016.0.3182 |
| Comodo Security | ApplicUnwnt | 20619 |
| ESET NOD32 | MSIL/Adware.PullUpdate (variant) | 9.10972 |
| Fortinet FortiGate | Adware/PullUpdate | 3/3/2015 |
| IKARUS anti.virus | AdWare.SaMon | t3scan.1.8.5.0 |
| K7 AntiVirus | Adware | 13.1814554 |
| Kaspersky | not-a-virus:AdWare.Win32.SaMon | 14.0.0.2405 |
| Malwarebytes | PUP.Optional.SearchDonkey.A | v2015.03.03.01 |
| McAfee | Artemis!3525DDE7C021 | 5600.6838 |
| NANO AntiVirus | Riskware.Win32.PullUpdate.cwiqgd | 0.30.0.64448 |
| Quick Heal | AdWare.SaMon.g5 (Not a Virus) | 3.15.14.00 |
| Reason Heuristics | PUP.Injekt | 15.3.3.1 |
| Sophos | Pull Update | 4.98 |
| VIPRE Antivirus | Injekt | 36428 |
| Zillya! Antivirus | Adware.SaMon.Win32.7 | 2.0.0.2027 |

File size:
1.1 MB (1,161,080 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\windows\syswow64\searchdonkey.e3e38e2b3c8c.dll

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
12/24/2013 10:30:00 AM

Valid to:
12/25/2014 10:29:59 AM

Subject:
CN=WebAppTech Coding LLC, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=WebAppTech Coding LLC, L=Grandville, S=Michigan, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1A6411A4888DF6223DF9C572F9BE2E96

File PE Metadata
Compilation timestamp:
3/21/2014 10:28:17 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:Y82Zzi0VdMJB6NxopGWjPCtnjDwk7zkOYU9HXVIi9JI9TmOHE:i7VuJMNepEwk7zhYU9HXt90TzE

Entry address:
0xACEA4

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, E2, D2, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 80, 00, 00, 00, 72, 0E, 83, 3D, 94, 30, 11, 10, 00, 74, 05, E9, 35, D3, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03...
 

Entropy:
6.2578

Code size:
805.5 KB (824,832 bytes)
