» cnbccmnyo.dll
Overview
Analysis
File Details

cnbccmnyo.dll

Green Fire Software

This is part of an adware program designed to inject advertising in the web browser (banners, text-links) as well as modify the normal behavior of the browser. Part of the Injekt brand of unwanted programs. The module cnbccmnyo.dll by Green Fire Software has been detected as adware by 14 anti-malware scanners. According to AVG, this software downloads additional adware offers during setup.

File name:

cnbccmnyo.dll

Publisher:

Green Fire Software (signed and verified)

MD5:

afb2c8f5e9f0fcf33ee0aed064850ed1

SHA-1:

c1dbf9fdc045debe1dffad08ef6a2d7ab2368cf6

SHA-256:

c1ad85f8669fe815e027976acbd1ef9435f3255449af81a9809e19f3cb8451e3

Scanner detections:

14 / 68

Status:

Adware

Explanation:

Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads in the web browser as well as alters the browsers settings (home page, search, DNS, and security protocols).

Analysis date:

1/12/2025 4:58:24 PM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

ADWARE/Adware.Gen

7.11.160.194

AVG

Downloader

2015.0.3397

Baidu Antivirus

Adware.MSIL.PullUpdate

4.0.3.14721

Comodo Security

ApplicUnwnt

18857

ESET NOD32

MSIL/Adware.PullUpdate.C application

7.0.302.0

Fortinet FortiGate

Adware/PullUpdate

7/21/2014

IKARUS anti.virus

AdWare.MSIL.Adware

t3scan.1.6.1.0

K7 AntiVirus

Adware

13.180.12719

Malwarebytes

PUP.Optional.MovieMode.A

v2014.07.21.05

McAfee

Artemis!EED9269C9641

5600.7062

NANO AntiVirus

Riskware.Win32.AgentCV.dcydok

0.28.2.61148

Reason Heuristics

PUP.GreenFireSoftware.J

14.7.20.14

Sophos

Generic PUA AG

4.98

Trend Micro House Call

Suspicious_GEN.F47V0708

7.2.202

File size:

1.1 MB (1,177,968 bytes)

File type:

Dynamic link library (Win32 DLL)

Common path:

C:\ProgramData\kuqvqogthc\dat\cnbccmnyo.dll

Digital Signature

Signed by:

Green Fire Software

Authority:

VeriSign, Inc.

Valid from:

9/19/2013 9:00:00 PM

Valid to:

9/20/2014 8:59:59 PM

Subject:

CN=Green Fire Software, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Green Fire Software, L=La Jolla, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

38E34FCC0FDD5E91FD5048A198AAABF1

File PE Metadata

Compilation timestamp:

6/12/2014 8:52:45 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

24576:HhmgEGlbXaASsLoJktqV8UrVVZOr6OeshtZB2zTzsN:IKlTXSeoZVVZOr6wPZYToN

Entry address:

0xAF7F4

Entry point:

8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 22, C1, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 80, 00, 00, 00, 72, 0E, 83, 3D, D4, 70, 11, 10, 00, 74, 05, E9, 75, C1, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03... 
[+]

Code size:

814 KB (833,536 bytes)

Remove cnbccmnyo.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.