bho.dll

ART LODZHYSTІK TOV

The module bho.dll by ART LODZHYSTІK TOV has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is installed within the context of Internet Explorer as a BHO (Browser Helper Object) under the name ‘WebOptimizer Class’. It bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.
Publisher:
ART LODZHYSTІK TOV  (signed and verified)

Version:
1.0.0.1

MD5:
fdf06d7c576f8723a1ca39409c72ad37

SHA-1:
663dd5073c6a9a9fd0ae6bd8db9ffdd8d8654ca9

SHA-256:
60f5fb9e52d4b72ea9e866cf43a4999caccfc4a50d62ac39340b5e01fc2844fc

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
1/6/2025 12:09:41 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Amonetize.ARTLODZH (M)

Engine version:
16.3.8.15

File size:
137.2 KB (140,472 bytes)

Product version:
1.0.0.1

Original file name:
bho.dll

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\windows\syswow64\config\systemprofile\appdata\roaming\weboptimizer\bho.dll

Digital Signature
Authority:
Thawte, Inc.

Valid from:
10/10/2014 4:00:00 AM

Valid to:
10/11/2015 3:59:59 AM

Subject:
CN=ART LODZHYSTІK TOV, O=ART LODZHYSTІK TOV, L=Odessa, S=Odessa, C=UA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
78560400D4F1812C8E1FA6BDC7FC9095

File PE Metadata
Compilation timestamp:
10/16/2014 12:03:55 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
10.0

CTPH (ssdeep):
1536:KNY9TrEo+geOTYW8qqfxVURN7nmiuBrnDCcEnUWHhI/LIvTql/LmQmdcX59z:b5pTgNVMnKwjI/AqlDmQPX59z

Entry address:
0xB533

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, EE, 42, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, 6A, 0C, 68, 00, B6, 01, 10, E8, 7E, 15, 00, 00, 6A, 0E, E8, DD, 44, 00, 00, 59, 83, 65, FC, 00, 8B, 75, 08, 8B, 4E, 04, 85, C9, 74, 2F, A1, C8, EA, 01, 10, BA, C4, EA, 01, 10, 89, 45, E4, 85, C0, 74, 11, 39, 08, 75, 2C, 8B, 48, 04, 89, 4A, 04, 50, E8, F8, D0, FF, FF, 59, FF, 76, 04, E8, EF, D0, FF, FF, 59, 83, 66, 04, 00, C7, 45, FC, FE, FF, FF, FF, E8, 0A, 00, 00, 00...

Code size:
83.5 KB (85,504 bytes)

Internet Explorer BHO
CLSID:
{C0173A2E-3103-4954-AB8D-CD3C1D4B082A}

CLSID name:
WebOptimizer Class

