res.dll

SE

Eli Dahan

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed without consent. The module res.dll by Eli Dahan has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program SkypEmoticons by Daniel Hareuveni, which is a potentially unwanted software program.
Publisher:
SkypEmoticons  (signed by Eli Dahan)

Product:
SE

Description:
SkypeEmoticons

Version:
1.0.0.1

MD5:
48d96ec3195f352396e634b7c413d25a

SHA-1:
a95d692e295074524b10cde4b7b9cf3017292adf

SHA-256:
bc539cce009a95bfdfa7c064f9d3c0db5d9e98e2ad2ae61adb573c8f238ae0e5

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
12/25/2024 12:45:22 PM UTC

Scan engine
Detection
Engine version

Reason Heuristics
PUP.WebPick (M)
17.2.25.9

File size:
5 MB (5,263,264 bytes)

Product version:
1.0.0.1

Copyright:
WEBSOURCE Technology ltd. All rights recerved.

Original file name:
SE.exe

File type:
Dynamic link library (Win32 DLL)

Language:
Russian (Russia)

Common path:
C:\users\{user}\appdata\roaming\skypemoticons\res.dll

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
6/9/2013 6:00:00 PM

Valid to:
6/10/2014 5:59:59 PM

Subject:
CN=Eli Dahan, O=Eli Dahan, STREET=Halapid 3, L=Ramat Gan, S=Center, PostalCode=52573, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00864002C7281B93C1609931176B93A6AE

File PE Metadata
Compilation timestamp:
4/2/2014 4:32:04 AM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x53E910

Entry point:
80, 7C, 24, 08, 01, 0F, 85, D9, 01, 00, 00, 60, BE, 00, 00, 04, 10, 8D, BE, 00, 10, FC, FF, 57, 83, CD, FF, EB, 0D, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46...
 

Entropy:
7.7741

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 - v1.22, 0x

Code size:
5 MB (5,238,784 bytes)

The file res.dll has been discovered within the following program.

SkypEmoticons  by Daniel Hareuveni
During installation the software bundles various potentially unwanted programs (InstallMate, SearchNewTab, StarApp) and modifies the user's web browser home and search pages to wisesearch.info.
skypemoticons.com
86% remove it
 