» updatebhowin32.dll
Overview
Analysis
File Details
Behaviors (1)
Programs (2)

updatebhowin32.dll

Browser Companion Helper Verifier

Blabbers Communications Ltd

Part of Blabbers, a potentially unwanted browser application that may hijack or interfere with the browser's standard web searching behaviors in order to display ads. The module updatebhowin32.dll by Blabbers Communications has been detected as adware by 4 anti-malware scanners. It is installed within the context of Internet Explore as a BHO (Browser Helper Object) under the name ‘Update Timer’. Additionally, the file is typically installed by a number of programs including BrowserCompanion by Blabbers Communications LTD and GinyasBrowserCompanion by Blabbers Communications LTD, both potentially unwanted software.

File name:

updatebhowin32.dll

Publisher:

Blabbers Communications Ltd (signed and verified)

Product:

Browser Companion Helper Verifier

Version:

1.0.0.2

MD5:

22d56c25dd1bc95f7558bbf3b830ff62

SHA-1:

79454306912f2b6ec4115260ed5612f12ccb103c

SHA-256:

fe0eb59ba12e2b0180c1557ed99b6f02d611f1dba78158d6566211a3e2242bbe

Scanner detections:

4 / 68

Status:

Adware

Explanation:

Part of the Kango web browser extension/toolbar framework.

Analysis date:

4/25/2024 8:26:36 PM UTC (today)

Scan engine

Detection

Engine version

Boost by Reason

Optional.BHO.BlabbersCommunications.O

188838

Dr.Web

Adware.Shopper.303

9.0.1.0241

ESET NOD32

Win32/BrowserCompanion

7.9082

Reason Heuristics

PUP.Kango.BHO.O

14.8.7.17

File size:

137.8 KB (141,104 bytes)

Product version:

1.0.0.2

Original file name:

updatebho.dll

File type:

Dynamic link library (Win32 DLL)

Language:

English (United States)

Common path:

C:\Program Files\browsercompanion\updatebhowin32.dll

Digital Signature

Signed by:

Blabbers Communications Ltd

Authority:

The USERTRUST Network

Valid from:

2/9/2011 4:00:00 PM

Valid to:

2/10/2012 3:59:59 PM

Subject:

CN=Blabbers Communications Ltd, O=Blabbers Communications Ltd, STREET=Arad 3, L=Tel Aviv, S=Israel, PostalCode=43034, C=IL

Issuer:

CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:

00D561643A7697D633BCB565E2E1EF7365

Registration

CLSID:

{963B125B-8B21-49A2-A3A8-E37092276531}

ProgID:

updatebho.TimerBHO.1

COM registered:

Yes

File PE Metadata

Compilation timestamp:

12/17/2009 8:42:02 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

3072:J4OJ7it1YkSBnNjqJCUcsikeSJtrce/+9T4Wz54gnC:TNqJCjsne+trH/+yWrC

Entry address:

0x8DEB

Entry point:

8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 05, 6F, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 00, 01, 00, 00, 72, 0E, 83, 3D, 20, 01, 02, 10, 00, 74, 05, E9, B1, 6F, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1... 
[+]

Entropy:

6.3538

Code size:

88.5 KB (90,624 bytes)

Internet Explorer BHO

Display name:

Update Timer

CLSID:

{963B125B-8B21-49A2-A3A8-E37092276531}

CLSID name:

Browser Companion Helper Verifier

The file updatebhowin32.dll has been discovered within the following programs.

BrowserCompanion by Blabbers Communications LTD

BrowserCompanion is a third party web browser potentially unwanted add-in that used to be bundled with various freeware products including PC Performer. The maker of this program is a known adware distributor, so caution should be taken.

www.ginyas.com

85% remove it

GinyasBrowserCompanion by Blabbers Communications LTD

Ginyas Browser Companion is a browser extension (Browser Helper Object in IE) that promises to save time and money for users while shopping online. It is often install on a computer bundled with various third party programs.

ginyas.com

61% remove it

Remove updatebhowin32.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.