dca-bho.dll

DCA BHO

Compete Inc

The module dca-bho.dll by Compete Inc has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is installed within the context of Internet Explore as a BHO (Browser Helper Object) under the name ‘DCA’.
Publisher:
Compete, Inc.  (signed by Compete Inc)

Product:
DCA BHO

Version:
1.0.0.2843

MD5:
d8e7b15051c126b233764a6361aad107

SHA-1:
47c3d74cc3974cc0fe5deb8d2136a7afcb4624e4

SHA-256:
f16edd6b1d6de7a3d25699fc04ed7319fe77315ec6af85767e1614705502512a

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
12/25/2024 1:09:16 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Compete (M)
16.1.25.6

File size:
313.9 KB (321,416 bytes)

Product version:
1.0.0.2843

Copyright:
2008 (c) Compete, Inc. All rights reserved.

Original file name:
dca-bho.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\consumer input\dca-bho.dll

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
1/4/2009 6:00:00 PM

Valid to:
1/11/2012 5:59:59 PM

Subject:
CN=Compete Inc, OU=operations, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Compete Inc, L=Boston, S=Massachusetts, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
05939B8CAA8D72A48138235B1801AAB5

Registration
CLSID:
{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}

ProgID:
dcabho.Dca.1

COM registered:
Yes

File PE Metadata
Compilation timestamp:
3/17/2009 1:28:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
3072:jFpOPy308N4DlHQcaHWf7j8/B1iADhlLyB6y3NMFrUAWcv7dhJGJAiMLupHOlq4i:jmaN+Q48Ly9MFgAm+IHOlqwGr

Entry address:
0x2804A

Entry point:
83, 7C, 24, 08, 01, 75, 05, E8, 20, 03, 00, 00, FF, 74, 24, 04, 8B, 4C, 24, 10, 8B, 54, 24, 0C, E8, CD, FE, FF, FF, 59, C2, 0C, 00, CC, 68, F0, 79, 02, 10, 64, FF, 35, 00, 00, 00, 00, 8B, 44, 24, 10, 89, 6C, 24, 10, 8D, 6C, 24, 10, 2B, E0, 53, 56, 57, A1, BC, 44, 04, 10, 31, 45, FC, 33, C5, 50, 89, 65, E8, FF, 75, F8, 8B, 45, FC, C7, 45, FC, FE, FF, FF, FF, 89, 45, F8, 8D, 45, F0, 64, A3, 00, 00, 00, 00, C3, 8B, 4D, F0, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, C3, CC, CC, CC, CC, CC...
 
[+]

Entropy:
6.1381

Code size:
184 KB (188,416 bytes)

Internet Explorer BHO
Display name:
DCA

CLSID:
{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}

CLSID name:
Consumer Input


Remove dca-bho.dll - Powered by Reason Core Security