WeSkin.DLL

Weather

Zango

The module WeSkin.DLL, “Weather Skin Module” by Zango has been detected as adware by 26 anti-malware scanners.

Publisher:
Zango, Inc.  (signed by Zango)

Product:
Weather

Description:
Weather Skin Module

Version:
10.3.79.0

MD5:
f7dcaf96feba543b8fd23a7ce092188f

SHA-1:
bfaeca1c84340ea686ed906a2c1ae7a361e6e011

SHA-256:
a13e17fe0ac3ce315f1417c318cb196375b29fdfc661c4de1a0d9ba2d2ecae86

Scanner detections:
26 / 68

Status:
Adware

Analysis date:
4/16/2024 2:41:33 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Application.Generic.118957 | 436
Avira AntiVirus | ADSPY/AdSpy.Gen | 7.11.215.236
avast! | Win32:PUP-gen [PUP] | 2014.9-151126
Bitdefender | Application.Generic.118957 | 1.0.20.1650
Bkav FE | W32.HfsAdware | 1.3.0.6379
Clam AntiVirus | Win.Adware.Hotbar-1905 | 0.98/21511
Comodo Security | Application.Win32.Adware.HotBar | 21366
Dr.Web | Trojan.Click.23299 | 9.0.1.0330
ESET NOD32 | Win32/Adware.HotBar | 9.11300
Fortinet FortiGate | Adware/Hotbar | 11/26/2015
F-Prot | W32/Adware.AFOH | v6.4.7.1.166
F-Secure | Adware:W32/Zango | 11.2015-26-11_5
G Data | Application.Generic.118957 | 15.11.25
IKARUS anti.virus | AdWare.Zango.C | t3scan.1.8.6.0
Malwarebytes | Adware.Seekmo | v2015.11.26.11
McAfee | Artemis!F7DCAF96FEBA | 5600.6570
MicroWorld eScan | Application.Generic.118957 | 16.0.0.990
NANO AntiVirus | Trojan.Win32.Click.cyhyxt | 0.30.0.296
Reason Heuristics | PUP.Zango (M) | 15.11.26.11
Sophos | 180solutions | 4.98
SUPERAntiSpyware | Adware.180solutions/Seekmo/Zango | 9484
Trend Micro House Call | ADW_ZANGOSEARCT | 7.2.330
Trend Micro | ADW_ZANGOSEARCT | 10.465.26
Vba32 AntiVirus | AdWare.HotBar | 3.12.26.3
VIPRE Antivirus | Zango.setup | 38312
Zillya! Antivirus | Adware.HotBar.Win32.505 | 2.0.0.2093

File size:
429.3 KB (439,560 bytes)

Product version:
10.3.79.0

Copyright:
Copyright © 2004-2008 Zango, Inc. All rights reserved.

Original file name:
WeSkin.DLL

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\zango\bin\10.3.79.0\weskin.dll

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
2/13/2008 4:00:00 PM

Valid to:
5/12/2010 4:59:59 PM

Subject:
CN=Zango, OU=Zango, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Zango, L=Bellevue, S=Washington, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1CA00CAEA054614D44D3119B6DB48AD8

File PE Metadata
Compilation timestamp:
3/16/2009 4:16:48 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
6144:P/9mDy7HvjRuKLw8lCnAzKQyLrlP18W0CLlC:X9mDy0r84UyLrNoCo

Entry address:
0x9260

Entry point:
83, 7C, 24, 08, 01, 75, 05, E8, 36, 4D, 00, 00, FF, 74, 24, 04, 8B, 4C, 24, 10, 8B, 54, 24, 0C, E8, ED, FE, FF, FF, 59, C2, 0C, 00, 55, 8B, EC, 8B, 45, 14, 56, 57, 33, FF, 3B, C7, 74, 47, 39, 7D, 08, 75, 1B, E8, 30, 1A, 00, 00, 6A, 16, 5E, 89, 30, 57, 57, 57, 57, 57, E8, 6E, 20, 00, 00, 83, C4, 14, 8B, C6, EB, 29, 39, 7D, 10, 74, E0, 39, 45, 0C, 73, 0E, E8, 0B, 1A, 00, 00, 6A, 22, 59, 89, 08, 8B, F1, EB, D7, 50, FF, 75, 10, FF, 75, 08, E8, 6D, 4D, 00, 00, 83, C4, 0C, 33, C0, 5F, 5E, 5D, C3, 6A, 08, 68, 00...

Entropy:
7.1062

Code size:
116 KB (118,784 bytes)
