home

the_blinkx_shook.dll

SearchHook Module

Blinkx

The module the_blinkx_shook.dll by Blinkx has been detected as adware by 4 anti-malware scanners. It is installed within the context of Internet Explore as a URL search hook with the name ‘the blinkx toolbar’.
Publisher:
Blinkx  (signed and verified)

Product:
SearchHook Module

Version:
1, 0, 0, 1

MD5:
5a535280bd4d472fe08bfd1bdd64d7db

SHA-1:
6b5f38151cbbe3115e869c9d4a9847f6c366a343

SHA-256:
82c5097c665a4b5fae1b9b0ba2a2ffa1ad092335ba472e82b4b82734780a21c3

Scanner detections:
4 / 68

Status:
Adware

Analysis date:
12/26/2024 12:43:48 AM UTC  (today)

Scan engine
Detection
Engine version

Fortinet FortiGate
Misc/PUP
2/20/2014

McAfee
Artemis!5A535280BD4D
5600.7214

Panda Antivirus
Adware/SearchHook
14.02.20.11

Reason Heuristics
PUP.Toolbar.Blinkx.Q
14.12.11.23

File size:
41.3 KB (42,240 bytes)

Product version:
1, 0, 0, 1

Copyright:
Copyright 1998

Original file name:
SearchHook.DLL

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\blinkx remote toolbar\the_blinkx_shook.dll

Digital Signature
Signed by:
Blinkx

Authority:
VeriSign, Inc.

Valid from:
5/13/2008 7:30:00 PM

Valid to:
5/14/2011 7:29:59 PM

Subject:
CN=Blinkx, OU=Blinkx, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Blinkx, L=San Francisco, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5A782BE720091AA3168A3D042724408F

Registration
CLSIDs:
{C5067F59-9D0D-11D2-AA90-000000000567}, {F08555B0-9CC3-11D2-AA8E-000000000567}

ProgIDs:
SearchHook.URLSearchHook.1, SearchHook.SrchHook.1

COM registered:
Yes

File PE Metadata
Compilation timestamp:
1/23/2009 12:37:30 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
768:w0aqJZFTc3nOZB98NHzUqCTuioWdLjVby:BaUOnaUTUqCSiTVy

Entry address:
0x36D2

Entry point:
FF, 74, 24, 0C, FF, 74, 24, 0C, FF, 74, 24, 0C, E8, 35, D9, FF, FF, C2, 0C, 00, FF, 15, 80, 40, 00, 10, 33, C0, C3, A1, 40, 55, 00, 10, 56, 85, C0, 75, 13, FF, 74, 24, 08, 50, FF, 35, E0, 54, 00, 10, FF, 15, 9C, 40, 00, 10, 5E, C3, 8B, 0D, 44, 55, 00, 10, 8B, 15, 3C, 55, 00, 10, FF, 05, 44, 55, 00, 10, 23, D1, 8B, 34, 90, 8B, 44, 24, 08, 83, C0, 08, 50, 6A, 00, 56, FF, 15, 9C, 40, 00, 10, 85, C0, 74, 07, 89, 30, 83, C0, 08, 5E, C3, 33, C0, 5E, C3, 8B, 44, 24, 04, 33, C9, 3B, C1, 75, 0B, FF, 74, 24, 08, E8...
 
[+]

Code size:
12 KB (12,288 bytes)

Internet Explorer URL Search Hook
CLSID:
{F08555B0-9CC3-11D2-AA8E-000000000567}

CLSID name:
the blinkx toolbar


Remove the_blinkx_shook.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.