common.dll

ReboundAlert

WebAppTech Coding LLC

This is part of an adware program designed to inject advertising in the web browser (banners, text-links) as well as modify the normal behavior of the browser as well as modify the computer’s system settings that control applications to run on startup. Part of the Injekt brand of unwanted programs. The module common.dll by WebAppTech Coding has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is installed within the context of Internet Explore as a BHO (Browser Helper Object) under the name ‘ReboundAlert’.
Publisher:
WebAppTech Coding, LLC  (signed by WebAppTech Coding LLC)

Product:
ReboundAlert

Version:
2.5.86

MD5:
12760fbbbf2437421f5607a9b0440563

SHA-1:
269ad146ef7fccbb13a81dd3ce08cb571a0037e9

SHA-256:
1b199430bfcfc27e9ed5a50bcdf7f04814709a42c506fa543afa1321ceffd642

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads in the web browser as well as alters the browsers settings (home page, search, DNS, and security protocols).

Analysis date:
11/23/2024 10:48:37 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Injekt (M)
16.12.2.14

File size:
383.1 KB (392,328 bytes)

Product version:
2.5.86

Copyright:
(c) WebAppTech Coding, LLC

Original file name:
common.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\reboundalert\ie\common.dll

Digital Signature
Authority:
COMODO CA Limited

Valid from:
1/15/2013 7:00:00 PM

Valid to:
1/16/2014 6:59:59 PM

Subject:
CN=WebAppTech Coding LLC, O=WebAppTech Coding LLC, STREET="2885 Sanford Ave SW #18716", L=Grandville, S=MI, PostalCode=49418, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00ED976277604B937F55FA8DF427C5B534

File PE Metadata
Compilation timestamp:
2/22/2013 2:50:22 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:PbZqTnmsWgFubjbCrgfIxiqlL9KGrATXd5BzC4zYPKzFqeNw:zZiunbCr4Ixi69K9TXd7zDqeNw

Entry address:
0x15A2E

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 22, 5D, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, 83, EC, 18, 53, 8B, 5D, 0C, 56, 8B, 73, 08, 33, 35, A0, 9C, 04, 10, 57, 8B, 06, C6, 45, FF, 00, C7, 45, F4, 01, 00, 00, 00, 8D, 7B, 10, 83, F8, FE, 74, 0D, 8B, 4E, 04, 03, CF, 33, 0C, 38, E8, 1C, C2, FF, FF, 8B, 4E, 0C, 8B, 46, 08, 03, CF, 33, 0C, 38, E8, 0C, C2, FF, FF, 8B, 45, 08, F6, 40...
 
[+]

Entropy:
6.6508

Code size:
232.5 KB (238,080 bytes)

Internet Explorer BHO
Display name:
ReboundAlert

CLSID:
{44ed99e2-16a6-4b89-80d6-5b21cf42e78b}


Remove common.dll - Powered by Reason Core Security