laflurlabho.dll

Laflurla

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The module laflurlabho.dll by Laflurla has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is installed within the context of Internet Explorer as a BHO (Browser Helper Object) under the name ‘Laflurla 1.0.0.6’. Additionally, the file is typically installed by a number of programs including Laflurla by Yontoo Technology, Inc. and Buzzdock by Alactro LLC, both potentially unwanted software.
Publisher:
Laflurla  (signed and verified)

Product:
Laflurla

Version:
1.0.0.6

MD5:
e43ffed12e7eb3266ae4fb0d5a7c255a

SHA-1:
6445969021969f57012874a833354ab502683df0

SHA-256:
d28b75843099a0aaec3758bfb97b25ad7d8b97250381f337e86a76abdf62e48a

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Belongs to the Sambreel/Yontoo program that inserts various forms of advertising in the user's web browser, installed with minimal or no user consent.

Analysis date:
11/5/2024 6:54:47 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Yontoo (M)

Engine version:
17.2.18.20

File size:
244.3 KB (250,144 bytes)

Product version:
1.0.0.6

Copyright:
(c) Laflurla. All rights reserved.

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\laflurla\laflurlabho.dll

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
2/4/2014 12:00:00 AM

Valid to:
2/4/2015 11:59:59 PM

Subject:
CN=Laflurla, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Laflurla, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0541E25DBE69A2BC84C39AB35093A301

File PE Metadata
Compilation timestamp:
1/8/2015 1:33:58 PM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

Entry address:
0x12854

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 41, 8D, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, 70, 30, 03, 10, E8, BD, 01, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, E4, 77, 03, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, FC, A4, 02, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...
 

Entropy:
6.3571

Developed / compiled with:
Microsoft Visual C++

Code size:
159 KB (162,816 bytes)

Internet Explorer BHO
Display name:
Laflurla 1.0.0.6

CLSID:
{b4a89cd3-c5f5-49c4-abcf-5f26d636476f}


The file laflurlabho.dll has been discovered within the following programs.

Buzzdock  by Alactro LLC
This is a web browser extension that injects advertising. From the EULA: "Buzzdock is free to download and use. Buzzdock is supported by advertising, and users will see additional ads on websites where Buzzdock features operate."
www.buzzdock.com/faq-support
79% remove it
Laflurla  by Yontoo Technology, Inc.
The software injects advertisements in the user's web browser. "You are seeing Laflurla ads because you installed Laflurla on your computer. In order to keep Laflurla free, it is supported by advertisements on the websites on which it functions."
www.laflurla.com/review#ata
88% remove it
 