» common.dll
Overview
Analysis
File Details
Behaviors (1)

common.dll

Secure Web

Big Water Applications, LLC

This is part of an adware program designed to inject advertising in the web browser (banners, text-links) as well as modify the normal behavior of the browser as well as modify the computer’s system settings that control applications to run on startup. Part of the Injekt brand of unwanted programs. The module common.dll by Big Water Applications has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is installed within the context of Internet Explore as a BHO (Browser Helper Object) under the name ‘Secure Web’.

File name:

common.dll

Publisher:

Big Water Applications, LLC (signed and verified)

Product:

Secure Web

Version:

2.6.39

MD5:

64d1dca138149bf1aba11c838b93d998

SHA-1:

46db2eaf3a792be281cae2cb74c2f9cd48a3d36f

SHA-256:

3e5c398b6c2e4795b94187bc2b20a6689441f0f41631e5dfad76d3fd2c2b66ad

Scanner detections:

1 / 68

Status:

Adware

Explanation:

Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads in the web browser as well as alters the browsers settings (home page, search, DNS, and security protocols).

Analysis date:

9/8/2024 3:25:45 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Injekt (M)

17.2.21.12

File size:

383.1 KB (392,296 bytes)

Product version:

2.6.39

Original file name:

common.dll

File type:

Dynamic link library (Win32 DLL)

Language:

English (United States)

Common path:

C:\ProgramData\secureweb\ie\common.dll

Digital Signature

Signed by:

Big Water Applications, LLC

Authority:

COMODO CA Limited

Valid from:

4/22/2013 7:00:00 AM

Valid to:

4/23/2014 6:59:59 AM

Subject:

CN="Big Water Applications, LLC", O="Big Water Applications, LLC", STREET=640 Grand Ave, STREET=Suite E, L=Carlsbad, S=CA, PostalCode=92008, C=US

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

0088DD6A4DF46D819C84B9E99D7A0530C5

Registration

CLSID:

{44ed99e2-16a6-4b89-80d6-5b21cf42e78b}

ProgID:

DynConIE.DynConIEObject.1

COM registered:

Yes

File PE Metadata

Compilation timestamp:

9/19/2013 5:15:59 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

Entry address:

0x15A0C

Entry point:

8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 14, 5D, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, CC, 8B, FF, 55, 8B, EC, 83, EC, 18, 53, 8B, 5D, 0C, 56, 8B, 73, 08, 33, 35, A0, 9C, 04, 10, 57, 8B, 06, C6, 45, FF, 00, C7, 45, F4, 01, 00, 00, 00, 8D, 7B, 10, 83, F8, FE, 74, 0D, 8B, 4E, 04, 03, CF, 33, 0C, 38, E8, EE, C1, FF, FF, 8B, 4E, 0C, 8B, 46, 08, 03, CF, 33, 0C, 38, E8, DE, C1, FF, FF, 8B, 45, 08, F6, 40, 04, 66, 0F, 85, 19, 01, 00, 00, 8B, 4D, 10, 8D, 55, E8... 
[+]

Entropy:

6.6497

Code size:

232.5 KB (238,080 bytes)

Internet Explorer BHO

Display name:

Secure Web

CLSID:

{44ed99e2-16a6-4b89-80d6-5b21cf42e78b}

Remove common.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.