mgsimcommon.dll

simcommon

SweetIM Technologies Ltd

This is part of the Montera web browser toolbar and extension that will modify the browser's default search provider, DNS, and home page functions. The module mgsimcommon.dll by SweetIM Technologies has been detected as adware by 6 anti-malware scanners. It modifies the web browser's home and search pages and search provider, and displays various advertisements. The file has been seen being downloaded from www.telecharger-dll.fr and multiple other hosts.
Publisher:
SweetIM Technologies Ltd.  (signed by SweetIM Technologies Ltd)

Product:
simcommon

Version:
3, 7, 0, 7

MD5:
fb50287f1df545531617609088f8a21b

SHA-1:
73987118d6f1799b0b29db00bf7248b20347bb46

SHA-256:
a26d0d75c2533261f589eb3913a9e9d4e94cb314191556206eee976403fee46e

Scanner detections:
6 / 68

Status:
Adware

Analysis date:
11/14/2024 9:15:05 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Boost by Reason | Adware.SweetIM.L | 2013.8.29.4 |
| Dr.Web | Adware.SweetIM.19 | 9.0.1.0352 |
| Malwarebytes | PUP.Optional.SweetIM | v2013.12.18.12 |
| Reason Heuristics | PUP.SweetIM.L | 14.8.7.19 |
| Trend Micro House Call | TROJ_GEN.F47V0812 | 7.2.219 |
| VIPRE Antivirus | Sweetpacks/SweetIM | 24192 |

File size:
96.3 KB (98,648 bytes)

Product version:
3.7.0.7

Copyright:
Copyright © 2008 SweetIM Technologies Ltd.

Original file name:
mgsimcommon.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\sweetim\messenger\mgsimcommon.dll

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
1/10/2011 1:00:00 AM

Valid to:
2/5/2014 12:59:59 AM

Subject:
CN=SweetIM Technologies Ltd, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=SweetIM Technologies Ltd, L=Ra'anana, S=Israel, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5E3BF2B52DA9EA7F1B539A7F018F4EC6

File PE Metadata
Compilation timestamp:
10/4/2012 4:31:44 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
3072:GmZHMcjZwnp0TUq/raqvfEyjIRQl4zKOJqPvPc5MP8CBfRc:3CpzmXzPfBpc

Entry address:
0x9AB4

Entry point:
6A, 0C, 68, 38, BE, 00, 10, E8, EC, 00, 00, 00, 33, C0, 40, 89, 45, E4, 33, FF, 89, 7D, FC, 8B, 75, 0C, 3B, F7, 75, 0C, 39, 3D, C0, 22, 01, 10, 0F, 84, AC, 00, 00, 00, 3B, F0, 74, 05, 83, FE, 02, 75, 31, A1, C8, 22, 01, 10, 3B, C7, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D0, 89, 45, E4, 39, 7D, E4, 0F, 84, 85, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, E5, FE, FF, FF, 89, 45, E4, 3B, C7, 74, 72, 8B, 5D, 10, 53, 56, FF, 75, 08, E8, CB, B3, FF, FF, 89, 45, E4, 83, FE, 01, 75, 0E, 3B, C7, 75, 0A, 53, 57, FF...
 

Developed / compiled with:
Microsoft Visual C++ v7.1

Code size:
40 KB (40,960 bytes)

The file mgsimcommon.dll has been seen being distributed by the following 2 URLs.

http://www.telecharger-dll.fr/download.php?dll=mgsimcommon.dll
