ieclient.dll

Super Web LLC

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The module ieclient.dll by Super Web has been detected as adware by 7 anti-malware scanners. It is installed within the context of Internet Explore as a BHO (Browser Helper Object) under the name ‘Web Layers’. This file is typically installed with the program Web Layers 3.0.0 by Yontoo Technology, Inc. which is a potentially unwanted software program. It will plug into the web browser and display context-based advertisements by overwriting existing ads or by inserting new ones on various web pages.
Publisher:
Web Layers  (signed by Super Web LLC)

Product:
Web Layers

Version:
1.0.0.1

MD5:
5634c78e26d8776954e24707036b4569

SHA-1:
196d3ce1054f6b710107f35e519d287805bdb4a5

SHA-256:
8dc80719f462a00705cb594d42bc1b5ddaedfb4f18f26695b0b56755717d2658

Scanner detections:
7 / 68

Status:
Adware

Explanation:
Injects advertising in the web browser in various formats.

Analysis date:
11/9/2024 12:29:17 AM UTC  (today)

Scan engine
Detection
Engine version

Comodo Security
Application.Win32.Altbrowse.AK
18393

ESET NOD32
Win32/BrowseFox (variant)
9.9875

G Data
Win32.Application.BrowseFox
15.8.24

Malwarebytes
PUP.Optional.WebLayers.A
v2015.08.09.11

Reason Heuristics
PUP.Yontoo.SuperWeb (M)
15.8.9.11

Sophos
SuperWeb
4.98

VIPRE Antivirus
Yontoo
29802

File size:
145.8 KB (149,288 bytes)

Product version:
1.0.0.1

Copyright:
(c) Web Layers. All rights reserved.

Original file name:
Web LayersIEClient.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\web layers\ieclient.dll

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
12/13/2012 6:00:00 PM

Valid to:
12/14/2013 5:59:59 PM

Subject:
CN=Super Web LLC, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Super Web LLC, L=Los Angeles, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
4119CF85506B9920A6B0FFA138C96637

File PE Metadata
Compilation timestamp:
7/23/2013 3:16:23 PM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
1536:HtOS7slomkzDEcv5HPBASfu4sweQ76u4YY19MQtobcWE231sWjcdENCPydiQCAZ1:gbchZ2wRe5xokHENCPydiQCAY8N

Entry address:
0x9F04

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 60, 6B, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, 50, E4, 01, 10, E8, BD, 01, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 10, 1D, 02, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, 44, 8D, 01, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...
 
[+]

Entropy:
6.3854

Developed / compiled with:
Microsoft Visual C++

Code size:
88.5 KB (90,624 bytes)

Internet Explorer BHO
Display name:
Web Layers

CLSID:
{976d7863-9e6c-4066-8c67-0993db9de35f}


The file ieclient.dll has been discovered within the following program.

Web Layers 3.0.0  by Yontoo Technology, Inc.
Web Layers is a web browser extension and toolbar that delivers contextual based advertising as well as modify the user's web browser home and search pages to provide advertising and search.
weblayers.co/support
81% remove it
 
Powered by Should I Remove It?

Remove ieclient.dll - Powered by Reason Core Security