home

yestoplib.dll

Wetelecommunication

The module yestoplib.dll by Wetelecommunication has been detected as a potentially unwanted program by 25 anti-malware scanners.
Publisher:
Wetelecommunication  (signed and verified)

MD5:
b5c22c5cf8001e2aec8deef0c863366c

SHA-1:
98a1aa3fa83b7bcc9bea37cf48f8b8d2a06fa2ca

SHA-256:
2ec5f08d203f6a8b679c6ba77db1451312894781688a4efe164a15118d91188f

Scanner detections:
25 / 68

Status:
Potentially unwanted

Analysis date:
5/28/2024 7:44:29 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.Kraddare.FO
386

AhnLab V3 Security
PUP/Win32.Helper
2016.01.12

Avira AntiVirus
ADWARE/SafeTerra.5451056
8.3.2.4

Arcabit
Adware.Kraddare.FO
1.0.0.642

avast!
Win32:Adware-gen [Adw]
2014.9-160115

AVG
Generic6
2017.0.2864

Bitdefender
Adware.Kraddare.FO
1.0.20.75

Comodo Security
ApplicUnwnt
23958

Emsisoft Anti-Malware
Adware.Kraddare.FO
8.16.01.15.10

ESET NOD32
Win32/Adware.SafeTerra (variant)
10.12855

Fortinet FortiGate
Riskware/SafeTerra
1/15/2016

F-Secure
Adware.Kraddare.FO
11.2016-15-01_6

G Data
Adware.Kraddare.FO
16.1.25

IKARUS anti.virus
PUA.SafeTerra
t3scan.1.9.5.0

K7 AntiVirus
Adware
13.212.18398

McAfee
Artemis!B5C22C5CF800
5600.6520

MicroWorld eScan
Adware.Kraddare.FO
17.0.0.45

nProtect
Adware.Kraddare.FO
16.01.12.01

Qihoo 360 Security
Win32/Virus.Adware.a08
1.0.0.1077

Rising Antivirus
PE:Malware.Generic(Thunder)!1.A1C4 [F]
23.00.65.16113

Sophos
Generic PUA JI (PUA)
4.98

Trend Micro
TROJ_GEN.R02KC0OH815
10.465.15

VIPRE Antivirus
Trojan.Win32.Generic
46446

ViRobot
Adware.Agent.5451056[h]
2014.3.20.0

Zillya! Antivirus
Adware.SafeTerra.Win32.1
2.0.0.2603

File size:
5.2 MB (5,451,056 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\users\{user}\appdata\roaming\kaosko\yestoplib.dll

Digital Signature
Signed by:
Wetelecommunication

Authority:
VeriSign, Inc.

Valid from:
6/5/2014 9:00:00 AM

Valid to:
7/6/2015 8:59:59 AM

Subject:
CN=Wetelecommunication, O=Wetelecommunication, L=Gangseo-gu, S=Seoul, C=KR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
12D45AFCDDF4F7C11C754A87D29DF4AE

File PE Metadata
Compilation timestamp:
2/6/2015 10:15:49 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:zH9F2paXS/1JOSDvyUzlgd7JJ0pmKJ2d2x0JoMmgNHliFAd025HugnNTp1yTzZgz:zHL9Xug3JPJoDgNHliFe02zT1pAdC

Entry address:
0x45E5AC

Entry point:
55, 8B, EC, 83, C4, C0, B8, 48, F6, 84, 00, E8, 90, E1, BA, FF, E8, F7, 94, BA, FF, 8D, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 32, 13, 00, 00...
 
[+]

Entropy:
6.6692

Developed / compiled with:
Microsoft Visual C++

Code size:
4.4 MB (4,576,768 bytes)

Remove yestoplib.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.