DynLib.dll

Mezaa

This is part of the Sendori web browser toolbar and extension that will modify the browser's default search provider, DNS, and home page functions. The module DynLib.dll, “DynDNS® Dynamic Link Library” by Mezaa has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Mezaa  (signed and verified)

Product:
Mezaa

Description:
DynDNS® Dynamic Link Library

Version:
3.0.2

MD5:
45b3be89df0de0e83e4ff4079875f7f5

SHA-1:
bb7870ab44d0c29c25e0f4f249b68c2cbd82b6ba

SHA-256:
0f4b7f03567c68ff11a9ecefff1ccc4e94643dba7f3523c017a081b620754ebe

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
12/24/2024 1:49:56 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Sendori (M)
16.9.24.21

File size:
270.2 KB (276,712 bytes)

Product version:
3.0.2

Copyright:
© Dynamic Network Services, Inc.

Trademarks:
DynDNS®

Original file name:
DynLib.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\mezaa\dynlib.dll

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
6/25/2014 5:30:00 AM

Valid to:
6/25/2017 5:29:59 AM

Subject:
CN=Mezaa, O=Mezaa, L=San Leandro, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5882CB787D2A279BB379C1F4594407F9

File PE Metadata
Compilation timestamp:
10/7/2014 4:22:14 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:eZW/+lHQKMaZFGxDUPGrMwlQGc0l9RAGoU5aRepwWyRUxvdIdFDatB0fpLkX+f4f:gcW0MwCohQeavOxvdIDKB0lkXlVV

Entry address:
0x1C095

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, F1, AB, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 33, C9, 3B, 04, CD, E8, E4, 03, 10, 74, 13, 41, 83, F9, 2D, 72, F1, 8D, 48, ED, 83, F9, 11, 77, 0E, 6A, 0D, 58, 5D, C3, 8B, 04, CD, EC, E4, 03, 10, 5D, C3, 05, 44, FF, FF, FF, 6A, 0E, 59, 3B, C8, 1B, C0, 23, C1, 83, C0, 08, 5D, C3, E8, B9, 88, 00, 00, 85, C0, 75, 06, B8, 50, E6, 03, 10, C3, 83, C0, 08, C3, E8, A6, 88, 00, 00, 85, C0, 75...
 
[+]

Entropy:
6.6165

Code size:
197 KB (201,728 bytes)

Remove DynLib.dll - Powered by Reason Core Security