iebho.dll

MusicLab LLC

The module iebho.dll by MusicLab has been detected as a potentially unwanted program by 2 anti-malware scanners. It is installed within the context of Internet Explore as a BHO (Browser Helper Object) under the name ‘UrlHelper Class’. Additionally, the file is typically installed by a number of programs including Wincore MediaBar by Musiclab, LLC and MediaBar by Musiclab, LLC, both potentially unwanted software.
Publisher:
MusicLab LLC  (signed and verified)

MD5:
d448152bf65b35a8477952966a317717

SHA-1:
44c878faec4dd65541ff1d9138d7ca22b1cb210b

SHA-256:
dc242b4ff02a011a07ccade0249869c9890a6509832f3f8dd86441cf1e98e2ed

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 1:08:06 AM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
Win32/Toolbar.SearchSuite
7.8730

Reason Heuristics
PUP.BHO.MusicLab.F
14.2.20.20

File size:
704.9 KB (721,840 bytes)

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\bearshare applications\mediabar\datamngr\iebho.dll

Digital Signature
Signed by:

Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
5/28/2010 2:00:00 AM

Valid to:
5/29/2011 1:59:59 AM

Subject:
CN=MusicLab LLC, OU=SECURE APPLICATION DEVELOPMENT, O=MusicLab LLC, L=New York, S=New York, C=US

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
420322A094ED9B312AA248555D789C37

Registration
CLSID:
{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}

ProgID:
BearShareIEHelper.UrlHelper.1

COM registered:
Yes

File PE Metadata
Compilation timestamp:
2/8/2011 6:10:57 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:LTbkR/KBslgfaY76mnwBTnPoRYWDC4qyJpksz+1o7FcT/RDLtvmJQEM:LTbkpblWwypD6qFC/hLt+aH

Entry address:
0x509E7

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 07, 7F, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, CC, CC, 68, B0, EA, 04, 10, 64, FF, 35, 00, 00, 00, 00, 8B, 44, 24, 10, 89, 6C, 24, 10, 8D, 6C, 24, 10, 2B, E0, 53, 56, 57, A1, 98, 35, 0A, 10, 31, 45, FC, 33, C5, 50, 89, 65, E8, FF, 75, F8, 8B, 45, FC, C7, 45, FC, FE, FF, FF, FF, 89, 45, F8, 8D, 45, F0, 64, A3, 00, 00, 00, 00, C3, 8B, 4D, F0, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, C3, CC, CC...
 
[+]

Code size:
510 KB (522,240 bytes)

Internet Explorer BHO
CLSID:
{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}

CLSID name:
UrlHelper Class


The file iebho.dll has been discovered within the following programs.

MediaBar  by Musiclab, LLC
Musiclab MediaBar (Visicom Media Inc) is an ad-supported (users may see additional banner, search, pop-up, pop-under, interstitial and in-text link advertisements) cross web browser plugin for Internet Explorer (BHO) and Firefox/Chrome (plugin) and distributed through various monitization platforms during installation.
www.bearshare.com
68% remove it
Wincore MediaBar  by Musiclab, LLC
Wincore Mediabar is a type of browser hijacker instaled in Google Chrome, Internet Explorer, and Mozilla Firefox browsers and modifies DNS settings in MS Windows hosts file in order to redirect your legitimate search traffic to associated 'parnter' advertising sites.
82% remove it
 
Powered by Should I Remove It?

Remove iebho.dll - Powered by Reason Core Security