melondreabho.dll

melondrea

melondreabho.dll is part of the Yontoo adware component, a web browser plugin that injects unwanted ads into the browser. The module, published by melondrea, has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is typically installed with the program melondrea by Yontoo Technology, Inc., which is a potentially unwanted software program.
Publisher:
melondrea  (signed and verified)

Product:
melondrea

Version:
1.0.0.3

MD5:
a96fbe0b9b7934686b1d94e699b1690e

SHA-1:
3e1ea3bbaa3e588f05ac7df8e8b97cc3d4558929

SHA-256:
f31a6c63c44f93e0c01addec65d0ef6b46335f24e879d24cff7d3a06c06e7e15

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Belongs to the Sambreel/Yontoo program that inserts various forms of advertising in the user's web browser, installed with minimal or no user consent.

Analysis date:
11/23/2024 10:21:10 AM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.Yontoo (M)

Engine version:
16.12.1.22

File size:
243.8 KB (249,632 bytes)

Product version:
1.0.0.3

Copyright:
(c) melondrea. All rights reserved.

Original file name:
melondreaIEClient.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\melondrea\melondreabho.dll

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
11/26/2013 6:00:00 PM

Valid to:
11/27/2014 5:59:59 PM

Subject:
CN=melondrea, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=melondrea, L=San Diego, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1E3D0BA5A8E3C43BCD552347B3BB8B2B

File PE Metadata
Compilation timestamp:
3/24/2014 4:35:16 PM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:m3zAFVxVbC/hm4w9uRil2D/IDJHedRpjP+j1IaIdIf59ayf:m3zeK92ukDIdHLY1ICx4yf

Entry address:
0x12844

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 41, 8D, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, 30, 2D, 03, 10, E8, BD, 01, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 24, 68, 03, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, 8C, A1, 02, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...
 

Entropy:
6.3660

Developed / compiled with:
Microsoft Visual C++

Code size:
159 KB (162,816 bytes)

The file melondreabho.dll has been discovered within the following program.

melondrea  by Yontoo Technology, Inc.
This adware program injects advertisements with its affiliate ad providers in order to serve a number of ad types including banner, inline text links and popups.
melondrea.net/support
81% remove it
 