joshProtocolOutlookAddIn.proxy.dll

josh Protocol! Outlook Add-in

IT Consult

The module joshProtocolOutlookAddIn.proxy.dll, “josh Protocol! Outlook Add-in Proxy” by IT Consult, has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.
Publisher:
IT Consult  (signed and verified)

Product:
josh Protocol! Outlook Add-in

Description:
josh Protocol! Outlook Add-in Proxy

Version:
4.3.0.0

MD5:
f02fe0fd4113da7627dcbd164b9f4a1a

SHA-1:
446de0aec1d82779567c137bf3d25bd642ef6143

SHA-256:
fd7b0f735ffddf9d56ec5befe4b6b3b4e0643b3c4e0c18bdb63d7ba3f043afd0

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/23/2024 3:31:44 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Amonetize (M)

Engine version:
16.11.30.17

File size:
861.9 KB (882,576 bytes)

Product version:
4.3.0.0

Copyright:
Copyright © it Consult 2014

Original file name:
joshProtocolOutlookAddIn.proxy.dll

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\users\{user}\appdata\local\assembly\dl3\omrnng1z.51b\dtawnlhl.l56\35d27982\009820b0_8818d101\joshprotocoloutlookaddin.proxy.dll

Digital Signature
Signed by:

Authority:
Symantec Corporation

Valid from:
6/11/2015 2:00:00 AM

Valid to:
7/11/2016 1:59:59 AM

Subject:
CN=IT Consult, O=IT Consult, L=Fermignano, S=Pesaro e Urbino, C=IT

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
61F7EF0A7B558B6BEB54449ABFC0146E

File PE Metadata
Compilation timestamp:
10/1/2015 12:31:27 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:FMuoUr5z7ICqj/sdgsABOqnBGyu+FDvCCbV8QHBBr1U8waL7qddbswXrJVCGYZS3:FZr5zwjvxXRq1XrJVpYi3WKZffu2

Entry address:
0xD705E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
852.5 KB (872,960 bytes)
