devcoLeadTool.dll

devcoLeadTool

timp

This is the bundle installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The module devcoLeadTool.dll by timp has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Winner Download Manager installer.
Publisher:
devco  (signed by timp)

Product:
devcoLeadTool

Version:
1.00

MD5:
ed4037ad2275e795ebf0126783d0bf11

SHA-1:
b45e84d71a2541aba29274766b2677583779cf18

SHA-256:
84c1944952a10152f214e3c60fc7c770f019f475bef3cc964dce31e7d54cf6f2

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/27/2024 9:38:50 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.TIMP (M)
17.3.1.3

File size:
90.6 KB (92,752 bytes)

Product version:
1.00

Original file name:
devcoLeadTool.dll

File type:
Dynamic link library (Win32 DLL)

Bundler/Installer:
Winner Download Manager

Language:
English (United States)

Common path:
C:\Program Files\rqa\devcoleadtool.dll

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
7/25/2001 12:00:00 AM

Valid to:
7/25/2002 11:59:59 PM

Subject:
E=timp@e-devco.com, CN=timp, OU=Digital ID Class 1 - Microsoft Full Service, OU=Persona Not Validated, OU="www.verisign.com/repository/RPA Incorp. by Ref.,LIAB.LTD(c)98", OU=VeriSign Trust Network, O="VeriSign, Inc."

Issuer:
CN=VeriSign Class 1 CA Individual Subscriber-Persona Not Validated, OU="www.verisign.com/repository/RPA Incorp. By Ref.,LIAB.LTD(c)98", OU=VeriSign Trust Network, O="VeriSign, Inc."

Serial number:
08CEC080B1D99D180014C44E1AE38551

File PE Metadata
Compilation timestamp:
10/20/2001 5:42:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x178C

Entry point:
5A, 68, 1C, 24, 01, 11, 68, 20, 24, 01, 11, 52, E9, E9, FF, FF, FF, 00, 00, 00, 58, 00, 00, 00, 30, 00, 00, 00, 50, 00, 00, 00, 40, 00, 00, 00, 41, 7E, AE, 12, 04, D0, D5, 45, A9, 68, 08, 36, 17, 78, 75, B7, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 01, 00, 00, 00, 64, 65, 76, 63, 6F, 4C, 65, 61, 64, 54, 6F, 6F, 6C, 00, 00, 00, 64, 65, 76, 63, 6F, 4C, 65, 61, 64, 54, 6F, 6F, 6C, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, A0, 00, 00, 00, 00, 00, 00, 00, 02, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
5.3515

Developed / compiled with:
Microsoft Visual Basic v6.0

Code size:
68 KB (69,632 bytes)

Remove devcoLeadTool.dll - Powered by Reason Core Security