» DynConIE.dll
Overview
Analysis
File Details
Behaviors (1)

DynConIE.dll

FriendsChecker LLC

The module DynConIE.dll by FriendsChecker has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is installed within the context of Internet Explore as a BHO (Browser Helper Object) under the name ‘FriendsChecker’.

File name:

DynConIE.dll

Publisher:

FriendsChecker (signed by FriendsChecker LLC)

Product:

FriendsChecker

Version:

2.1.27

MD5:

013fb9a6b25746aa49228b33dd1a4e6b

SHA-1:

0d7ccdea0d86e27224df71ae89f88209bec79f08

SHA-256:

d44f38720780775a443f2f79405e78f35c00dcb8e173f8eccd5ab139c1aad98e

Scanner detections:

1 / 68

Status:

Adware

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

11/23/2024 11:41:25 PM UTC (a few moments ago)

Scan engine

Detection

Engine version

Reason Heuristics

PUP (M)

16.7.28.10

File size:

195.6 KB (200,256 bytes)

Product version:

2.1.27

FriendsChecker

Original file name:

DynConIE.dll

File type:

Dynamic link library (Win32 DLL)

Language:

English (United States)

Common path:

C:\Program Files\friendschecker\dynconie\dynconie.dll

Digital Signature

Signed by:

FriendsChecker LLC

Authority:

GoDaddy.com, Inc.

Valid from:

3/19/2011 1:29:57 PM

Valid to:

3/18/2012 11:50:39 AM

Subject:

CN=FriendsChecker LLC, O=FriendsChecker LLC, L=Wilmington, S=DE, C=US

Issuer:

SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:

07C90A416C66BC

Registration

CLSID:

{FED6A736-129B-49C7-857E-25FC91E87DB3}

ProgID:

DynConIE.DynConIEObject.1

COM registered:

Yes

File PE Metadata

Compilation timestamp:

4/6/2011 8:48:35 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

3072:eZKu4oVW+GsWYC8CsImEo0H/f1+tmPypdFImzzZ5kgLLxOwQ/BUmsLxtizfh:eD42W+Gsa8/Eo0ngtmPypTXg1

Entry address:

0x11799

Entry point:

8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 91, 63, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, CC, CC, CC, CC, 51, 8D, 4C, 24, 08, 2B, C8, 83, E1, 0F, 03, C1, 1B, C9, 0B, C1, 59, E9, 3A, C9, FF, FF, 51, 8D, 4C, 24, 08, 2B, C8, 83, E1, 07, 03, C1, 1B, C9, 0B, C1, 59, E9, 24, C9, FF, FF, B8, 88, 86, 01, 10, A3, 38, AB, 02, 10, C7, 05, 3C, AB, 02, 10, 6F, 7D, 01, 10, C7, 05, 40, AB, 02, 10, 23, 7D, 01, 10, C7, 05, 44, AB, 02, 10, 5C, 7D, 01, 10, C7, 05, 48, AB, 02... 
[+]

Entropy:

6.5659

Code size:

126 KB (129,024 bytes)

Internet Explorer BHO

Display name:

FriendsChecker

CLSID:

{FED6A736-129B-49C7-857E-25FC91E87DB3}

Remove DynConIE.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.