MailRuSputnik.dll
MailRuSputnik Module by LLC Mail.Ru (Signed)
Warning 9 antivirus scanners has detected malware in various versions of MailRuSputnik.dll.
Overview
mailrusputnik.dll has 11 known versions, the most recent one is 2, 4, 1, 218. It is installed as an Internet Explorer extension as a Browser Helper Object, often without any obvious user interface, and will start when IE loads. The average file size is about 1.67 MB. It is an authenticode code-signed executable issued to LLC Mail.Ru by the certification authority Thawte. The library is loaded into Internet Explorer as a BHO (browser helper object).
 Details
|
| File name: | mailrusputnik.dll |
| Publisher: | @Mail.Ru |
| Product name: | MailRuSputnik Module |
| Typical file path: | C:\Program Files\mail.ru\sputnik\mailrusputnik.dll |
| Certificate |
| Issued to: | LLC Mail.Ru |
| Authority (CA): | Thawte |
| Effective date: | Monday, September 12, 2011 |
| Expiration date: | Wednesday, July 2, 2014 |
Behaviors
(Note, the behaviors below are for all versions of mailrusputnik.dll, select a unique version for details.)
Internet Explorer Browser Helper Object
Located in the registry at 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
- BHO CLSID: {8984B388-A5BB-4DF7-B274-77B879E179DB}
Internet Explorer toolbars
Located in the registry at 'SOFTWARE\Microsoft\Internet Explorer\Toolbar'
- CLSID: {09900DE8-1DCA-443F-9243-26FF581438AF}
Internet Explorer URL search hooks
- CLSID: {09900DE8-1DCA-443F-9243-26FF581438AF}
Internet Explorer web browsers
Located in the registry at 'SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser'
- CLSID: {09900DE8-1DCA-443F-9243-26FF581438AF}
Internet Explorer shell browsers
- CLSID: {09900DE8-1DCA-443F-9243-26FF581438AF}
Malware detections
Based on 40+ industry antivirus scanners, 9 of them detected the following malware.
| Antivirus engine | Engine version | Detection | File version |
| Rising Antivirus |
24.54.04.01 |
Suspicious |
2, 4, 1, 74 |
| Rising Antivirus |
25.0.0.10 |
PE:Trojan.RuMail!1.6574 |
2, 4, 0, 504 |
| Rising Antivirus |
24.87.06.04 |
Suspicious |
2, 4, 1, 150 |
| Rising Antivirus |
25.0.0.11 |
PE:Trojan.RuMail!1.6574 |
2, 4, 1, 138 |
| Rising Antivirus |
24.81.06.04 |
Suspicious |
2, 4, 1, 170 |
| Rising Antivirus |
24.83.00.04 |
Suspicious |
2, 4, 1, 218 |
| Symantec |
20131.1.5.61 |
WS.Reputation.1 |
2, 4, 1, 150 |
| Trend Micro HouseCall |
9.700.0.1001 |
TROJ_GEN.F47V1101 |
2, 4, 0, 271 |
| Trend Micro HouseCall |
9.700.0.1001 |
TROJ_GEN.F47V0802 |
2, 4, 1, 218 |
All file variations of mailrusputnik.dll
Distribution by Windows OS
| OS version | distribution |
| Microsoft Windows XP |
48.00% |
|
| Windows 7 Home Basic |
18.00% |
|
| Windows 7 Home Premium |
18.00% |
|
| Windows 7 Ultimate |
12.00% |
|
| Windows 7 Professional |
4.00% |
|
Distribution by country
Russia installs about 32.00% of MailRuSputnik Module.
Distribution by PC manufacturer
| PC Manufacturer | distribution |
| Acer |
25.71% |
|
| Lenovo |
22.86% |
|
| Dell |
11.43% |
|
| Hewlett-Packard |
11.43% |
|
| Samsung |
11.43% |
|
| GIGABYTE |
8.57% |
|
| ASUS |
5.71% |
|
| American Megatrends |
2.86% |
|
