» Startpage24Dyn.dll
Overview
Analysis
File Details
Programs (1)

Startpage24Dyn.dll

Startpage24 Startpage

Link64 GmbH

The module Startpage24Dyn.dll, “General Shared Lib [Startpage24Dyn.dll]” by Link64 GmbH has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program Startpage24 by Link64 which is a potentially unwanted software program.

File name:

Startpage24Dyn.dll

Publisher:

Link64 GmbH (signed and verified)

Product:

Startpage24 Startpage

Description:

General Shared Lib [Startpage24Dyn.dll]

Version:

2.0.0.839

MD5:

2979979a6400904fd135152c3b60ed21

SHA-1:

6f833632e8c46353b2679d3a8d46ee69b9e1fb62

SHA-256:

79b91e98a4db3df6bdd14a17d9652aaa21bb76dbe0708380147b37df3c426860

Scanner detections:

1 / 68

Status:

Potentially unwanted

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

4/18/2024 4:54:20 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP (M)

16.12.2.6

File size:

1.2 MB (1,221,784 bytes)

Product version:

2.0.0.839

Original file name:

Startpage24Dyn.dll

File type:

Dynamic link library (Win32 DLL)

Language:

English (United States)

Common path:

C:\Program Files\startpage24\plugin\version_839\startpage24dyn.dll

Digital Signature

Signed by:

Link64 GmbH

Authority:

Thawte, Inc.

Valid from:

2/14/2011 1:00:00 AM

Valid to:

2/13/2013 12:59:59 AM

Subject:

CN=Link64 GmbH, OU=Secure Application Development, O=Link64 GmbH, L=Karlsruhe, S=BW, C=DE

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

15F5E6DF4214F9A5312FC2CB4F217D16

File PE Metadata

Compilation timestamp:

7/3/2012 4:47:55 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

CTPH (ssdeep):

12288:vYYPscD1rvcyUesvfBYATXvXMwGcJAFONg6eITibhgM77XSLyrCVWT9dyeYSA59:vtPfD1rvcwa/hzeIWbuM6WrCcT2eHA5

Entry address:

0x8F165

Entry point:

83, 7C, 24, 08, 01, 75, 05, E8, A1, E2, 00, 00, FF, 74, 24, 04, 8B, 4C, 24, 10, 8B, 54, 24, 0C, E8, ED, FE, FF, FF, 59, C2, 0C, 00, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, 3C, F4, 10, 10, 33, C5, 50, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, C3, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, 3C, F4, 10, 10, 33, C5, 50, 89, 65, F0, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF... 
[+]

Code size:

748 KB (765,952 bytes)

The file Startpage24Dyn.dll has been discovered within the following program.

Startpage24 by Link64

This adware program that plugs into the user's web browser will hijack the home and search pages.

www.startpage24.com/webpage/en

68% remove it

Remove Startpage24Dyn.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.