» wbshld.384b48e6dc83.dll
Overview
Analysis
File Details

wbshld.384b48e6dc83.dll

Parallel Lines Development, LLC

This is part of an adware program designed to inject advertising in the web browser (banners, text-links) as well as modify the normal behavior of the browser as well as modify the computer’s system settings that control applications to run on startup. Part of the Injekt brand of unwanted programs. The module wbshld.384b48e6dc83.dll by Parallel Lines Development has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.

File name:

Publisher:

Parallel Lines Development, LLC (signed and verified)

MD5:

22d3fdea4b192ca1065ddfe297b6e6d6

SHA-1:

1b4a10515159024fd648ddf83ec8a4bedc1f69b2

SHA-256:

a0287c4b3f36582c045435c6f4fa156bd4da2ace80c8b83eaaa654ad301ca56d

Scanner detections:

1 / 68

Status:

Adware

Explanation:

Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads in the web browser as well as alters the browsers settings (home page, search, DNS, and security protocols).

Analysis date:

4/19/2024 5:56:20 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Injekt (M)

16.10.30.23

File size:

1 MB (1,091,456 bytes)

File type:

Dynamic link library (Win32 DLL)

Common path:

C:\windows\syswow64\wbshld.384b48e6dc83.dll

Digital Signature

Signed by:

Parallel Lines Development, LLC

Authority:

VeriSign, Inc.

Valid from:

6/5/2013 5:30:00 AM

Valid to:

6/6/2014 5:29:59 AM

Subject:

CN="Parallel Lines Development, LLC", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Parallel Lines Development, LLC", L=San Diego, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

064A26D7B85E090E11BEBC6B460594A8

File PE Metadata

Compilation timestamp:

11/9/2013 6:41:58 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

24576:WRCTXytO4zntpme65nYk8u5df8YUHd6mHwN5/7WPXDhulu5/TBV/0:DOQ4Wp5z8umwXDIXwliTzM

Entry address:

0xA6C64

Entry point:

8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 12, C1, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 80, 00, 00, 00, 72, 0E, 83, 3D, 74, 40, 10, 10, 00, 74, 05, E9, 65, C1, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03... 
[+]

Entropy:

6.2501

Code size:

760.5 KB (778,752 bytes)

Remove wbshld.384b48e6dc83.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.