ohogbnd.exe

TV Time

Ratio Applications

This is part of an adware program designed to inject advertising in the web browser (banners, text-links) as well as modify the normal behavior of the browser. Part of the Injekt brand of unwanted programs. The application ohogbnd.exe by Ratio Applications has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a separate (within the context of its own process) windows Service named “oHoGbnd”.
Publisher:
Ratio Applications  (signed and verified)

Product:
TV Time

Description:
TVTime Service

Version:
1.0.0.0

MD5:
84c10e4d0d9ef820ec1acf34ed5f73f3

SHA-1:
c2d9f68662e09f555f082c39c69913314fe9f8fc

SHA-256:
2ee7262f7b720b49ee881bb9183b04beb9691d8e8350dd5556d535a6f41d6cf1

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads in the web browser as well as alters the browsers settings (home page, search, DNS, and security protocols).

Analysis date:
12/25/2024 4:46:37 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Injekt (M)
16.12.3.12

File size:
2.6 MB (2,726,240 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © Ratio Applications 2014

Original file name:
TVTimeService.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\ProgramData\nnwxpfst\ohogbnd.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/31/2014 9:00:00 PM

Valid to:
4/1/2015 8:59:59 PM

Subject:
CN=Ratio Applications, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Ratio Applications, L=St. James, S=St. James, C=BB

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
352ECA57D8FB6A999A86A031DD989803

File PE Metadata
Compilation timestamp:
11/24/2014 3:37:16 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
49152:CMo+RPQEWEEqvTh8If1VtJCw5pEifKO9iF/2HxenM81z1EOzubRIPaxhZ4zn:lo+RPfWEEqviIdVHz5b1knM8Jt61aaxE

Entry address:
0x29958E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
2.6 MB (2,717,184 bytes)

Service
Display name:
oHoGbnd

Type:
Win32OwnProcess

Depends on:
Winmgmt CryptSvc


Remove ohogbnd.exe - Powered by Reason Core Security