Should I block it?

98%

Yes, 98% block recommendation.

Possible reason:

Multiple malware detections

Additional versions

c96ff	50.00%
0f161	50.00%

(Note, Banyan Tree Technology Limited publishes each variation of this file with the same version, but the hashes are unique.)

Relationships

PE file structure

Show functions

Import table

advapi32.dll

CryptHashData, CryptDestroyHash, CryptDecrypt, CryptDestroyKey, CryptCreateHash, CryptEncrypt, CryptDuplicateKey, CryptDeriveKey, CryptAcquireContextW, RegEnumKeyExW, RegSetValueExW, RegCloseKey, RegOpenKeyExW, RegQueryValueExW, RegCreateKeyExW

kernel32.dll

GetFileSize, SetFilePointer, TlsGetValue, SetEndOfFile, InterlockedIncrement, UnlockFile, LockFile, GetSystemTimeAsFileTime, InitializeCriticalSection, TlsSetValue, LeaveCriticalSection, GetFileAttributesA, ReadFile, FlushFileBuffers, GetTempPathW, LockFileEx, CreateFileA, GetCurrentThreadId, TlsAlloc, GetTempPathA, GetSystemTime, DeleteFileA, FreeLibrary, LoadLibraryA, CompareStringW, WriteConsoleW, SetStdHandle, IsValidLocale, EnumSystemLocalesA, GetLocaleInfoA, GetUserDefaultLCID, GetFullPathNameA, GetFullPathNameW, GetVersionExW, LoadLibraryW, GetModuleFileNameW, GetVolumeInformationW, DeviceIoControl, GlobalFree, MultiByteToWideChar, GlobalAlloc, GetCurrentProcess, GetLastError, GetProcessHeap, GetTickCount, HeapFree, HeapAlloc, ExpandEnvironmentStringsW, CloseHandle, GetProcAddress, GetPrivateProfileIntW, CreateFileW, WriteFile, GetPrivateProfileStringW, GetModuleHandleW, GetPrivateProfileSectionNamesW, SetFileAttributesW, DeleteFileW, GetFileAttributesW, Sleep, WideCharToMultiByte, EnterCriticalSection, GetTimeZoneInformation, GetCurrentProcessId, QueryPerformanceCounter, GetEnvironmentStringsW, FreeEnvironmentStringsW, InterlockedDecrement, InterlockedCompareExchange, InterlockedExchange, GetStringTypeW, EncodePointer, DecodePointer, DeleteCriticalSection, GetCPInfo, GetCommandLineA, HeapReAlloc, RaiseException, RtlUnwind, LCMapStringW, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetACP, GetOEMCP, IsValidCodePage, TlsFree, SetLastError, IsProcessorFeaturePresent, HeapSize, ExitProcess, SetHandleCount, GetStdHandle, InitializeCriticalSectionAndSpinCount, GetFileType, GetStartupInfoW, HeapCreate, HeapDestroy, GetConsoleCP, GetConsoleMode, GetLocaleInfoW, GetModuleFileNameA, SetEnvironmentVariableA

shell32.dll

SHGetSpecialFolderPathW

user32.dll

wsprintfW

Export table

_sqlite3_key_interop@12

_sqlite3_rekey_interop@12

CreateProcessNotify

sqlite3_aggregate_context

sqlite3_aggregate_count

sqlite3_bind_blob

sqlite3_bind_double

sqlite3_bind_int

sqlite3_bind_int64

sqlite3_bind_null

sqlite3_bind_parameter_count

sqlite3_bind_parameter_index

sqlite3_bind_parameter_name

sqlite3_bind_text

sqlite3_bind_text16

sqlite3_bind_value

sqlite3_busy_handler

sqlite3_busy_timeout

sqlite3_changes

sqlite3_clear_bindings

sqlite3_close

sqlite3_collation_needed

sqlite3_collation_needed16

sqlite3_column_blob

sqlite3_column_bytes

sqlite3_column_bytes16

sqlite3_column_count

sqlite3_column_decltype

sqlite3_column_decltype16

sqlite3_column_double

sqlite3_column_int

sqlite3_column_int64

sqlite3_column_name

sqlite3_column_name16

sqlite3_column_text

sqlite3_column_text16

sqlite3_column_type

sqlite3_commit_hook

sqlite3_complete

sqlite3_complete16

sqlite3_create_collation

sqlite3_create_collation16

sqlite3_create_function

sqlite3_create_function16

sqlite3_data_count

sqlite3_db_handle

sqlite3_enable_shared_cache

sqlite3_errcode

sqlite3_errmsg

sqlite3_errmsg16

sqlite3_exec

sqlite3_expired

sqlite3_finalize

sqlite3_free

sqlite3_free_table

sqlite3_get_autocommit

sqlite3_get_auxdata

sqlite3_get_table

sqlite3_global_recover

sqlite3_interrupt

sqlite3_key

sqlite3_last_insert_rowid

sqlite3_libversion

sqlite3_libversion_number

sqlite3_mprintf

sqlite3_open

sqlite3_open16

sqlite3_prepare

sqlite3_prepare16

sqlite3_profile

sqlite3_progress_handler

sqlite3_rekey

sqlite3_reset

sqlite3_result_blob

sqlite3_result_double

sqlite3_result_error

sqlite3_result_error16

sqlite3_result_int

sqlite3_result_int64

sqlite3_result_null

sqlite3_result_text

sqlite3_result_text16

sqlite3_result_text16be

sqlite3_result_text16le

sqlite3_result_value

sqlite3_rollback_hook

sqlite3_set_authorizer

sqlite3_set_auxdata

sqlite3_snprintf

sqlite3_step

sqlite3_thread_cleanup

sqlite3_total_changes

sqlite3_trace

sqlite3_transfer_bindings

sqlite3_update_hook

sqlite3_user_data

sqlite3_value_blob

sqlite3_value_bytes

sqlite3_value_bytes16

sqlite3_value_double

sqlite3_value_int

sqlite3_value_int64

sqlite3_value_numeric_type

sqlite3_value_text

sqlite3_value_text16

sqlite3_value_text16be

sqlite3_value_text16le

sqlite3_value_type

sqlite3_vmprintf

eBP.dll

By Banyan Tree Technology Limited (Signed)

Remove eBP.dll

MD5:	c96ffd1c7e1a3251e572af247fa5b4b9
SHA1:	dc9c2024687c77f8435124d1de0f62625605cf52
SHA256:	708a863d91a5388a8963be01c93ca14b90243633a82b81eda6356e96eb06ad45

Warning 16 antivirus scanners has detected malware.

Overview

eBP.dll is malware that is loaded as dynamic link library that runs in the context of a process. This is typically installed with the program DProtect published by DProtect Lab and is most likely removed by most users once installed (78% removed). The file is digitally signed by Banyan Tree Technology Limited which was issued by the GlobalSign nv-sa certificate authority (CA).

Details

File name:	eBP.dll
Typical file path:	C:\users\user\appdata\Local\DProtect\eBP.dll
Size:	495.06 KB (506,944 bytes)
Build date:	8/29/2013 4:22 PM
Certificate
Issued to:	Banyan Tree Technology Limited
Authority (CA):	GlobalSign nv-sa
Effective date:	Tuesday, October 1, 2013
Expiration date:	Sunday, November 1, 2015
Digital DNA
PE subsystem:	Windows GUI
File packed:	No
.NET CLR:	No

More details

Programs

The following program will install this file

DProtect

DProtect Lab

78% remove

DProtect is an adware web browser extension that will display various popup and banner ads as well as modify the user's web browser search and home page settings. In some cases, the program will monitor a user's behavior and will inject rival advertisements over existing one or just inject new ones all together. As part of the installation process the publisher may offer changes to your Internet Browser settings. These changes if app...

Malware detections

Based on 40+ industry antivirus scanners, 16 of them detected the following malware.

Antivirus engine	Engine version	Detection
avast!	8.0.1489.320	Win32:Staser-A [Trj]
BitDefender	7.2	Application.ExqPage.H
CAT Quick Heal	10.13.12.00	Trojan.Staser.fv
Comodo Internet Security	17014	UnclassifiedMalware
Dr.Web	8.13.10.10	Adware.Mutabaha.24
Fortinet	5.1.147.0	W32/Staser.FV!tr
F-Secure	11.0.19100.45	Application.ExqPage.H
G Data	13.10.22	Application.ExqPage.H
Kaspersky	9.0.0.837	Trojan.Win32.Staser.fv
Kingsoft	2013.4.9.267	Win32.Troj.Staser.fv.(kcloud)
McAfee	5.600.1067	Adware-Bprotect
McAfee Gateway Anti-Malware	v2013-dat	Adware-Bprotect
eScan by MicroWorld	12.0.250.0	Application.ExqPage.H
Sophos	4.93.0	Generic PUA NM
Trend Micro HouseCall	9.700.0.1001	TROJ_GEN.F47V0830
VIPRE Antivirus	21906	Elex Installer (fs)

Distribution by Windows OS

OS version	distribution
Windows 7 Ultimate	50.00%
Windows 7 Professional	50.00%

Distribution by country

India installs about 50.00% of eBP.dll.

Distribution by PC manufacturer

PC Manufacturer	distribution
MSI	66.67%
Samsung	33.33%

Remove Adware and Spyware Programs, FREE Download!