» drgwz9tenkp47b.x64.dll
Overview
Analysis
File Details
Programs (1)

drgwz9tenkp47b.x64.dll

engineer Database time

The module drgwz9tenkp47b.x64.dll, “a program itself the” has been detected as a potentially unwanted program by 16 anti-malware scanners. This file is typically installed with the program DiscountLocator by InstalleRex-WebPick which is a potentially unwanted software program.

File name:

Publisher:

engineer Database time

Product:

engineer Database time

Description:

a program itself the

Version:

with discrete

MD5:

41dd9f48b7bcae06399ecfd40e90d2ac

SHA-1:

1a8f7bb8cf771ef600db7a524e84c72591134bdf

SHA-256:

0ebfe87228f9a8dbc002ceb9cb216090ee939b2c11e92cebea6df34979657139

Scanner detections:

16 / 68

Status:

Potentially unwanted

Analysis date:

4/25/2024 4:26:31 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Application.Generic.905050

803

AVG

Generic_r

2015.0.3283

Baidu Antivirus

Adware.Win64.MultiPlug

4.0.3.141121

Bitdefender

Application.Generic.905050

1.0.20.1640

Comodo Security

ApplicUnwnt

20075

ESET NOD32

Win64/Adware.MultiPlug (variant)

8.10761

Fortinet FortiGate

Adware/MultiPlug

11/24/2014

F-Secure

Application.Generic.905050

11.2014-24-11_2

G Data

Application.Generic.905050

14.11.24

Malwarebytes

PUP.Optional.MultiPlug

v2014.11.21.10

McAfee

RDN/Generic PUP.x!cqc

5600.6939

MicroWorld eScan

Application.Generic.905050

15.0.0.984

Reason Heuristics

Threat.Win.Reputation.IMP

14.11.24.11

Trend Micro House Call

Suspicious_GEN.F47V1120

7.2.325

Trend Micro

ADW_MULTIPLUG

10.465.24

VIPRE Antivirus

Win64.Adware.MultiPlug

34996

File size:

879 KB (900,096 bytes)

Product version:

engineer Database time

Original file name:

a program itself the

File type:

Dynamic link library (Win64 DLL)

Language:

English (United States)

Common path:

C:\ProgramData\application data\deal4me\drgwz9tenkp47b.x64.dll

File PE Metadata

Compilation timestamp:

11/20/2014 1:04:05 PM

OS version:

5.2

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

24576:fqTDDtq+AgreUggq3p0SslvhAYqaRrm8:iTDDtq+Rsf5UK4a8

Entry address:

0x903B8

Entry point:

48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, F7, 5D, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, 03, 00, 00, 00, CC, CC, CC, 48, 8B, C4, 48, 89, 58, 20, 4C, 89, 40, 18, 89, 50, 10, 48, 89, 48, 08, 56, 57, 41, 56, 48, 83, EC, 50, 49, 8B, F0, 8B, DA, 4C, 8B, F1, BA, 01, 00, 00, 00, 89, 50, B8, 85, DB, 75, 0F, 39, 1D, 8C, 5B, 04, 00, 75, 07, 33, C0, E9, D2, 00, 00, 00, 8D, 43, FF... 
[+]

Entropy:

5.9485

Code size:

628 KB (643,072 bytes)

The file drgwz9tenkp47b.x64.dll has been discovered within the following program.

DiscountLocator by InstalleRex-WebPick

DiscountLocator is an adware program that will display extra advertisements when users are using search engines such as Bing and Google. In Chrome, it installs itself as an extension and in Internet Explorer it runs as a process as well as a Browser Helper Object.

79% remove it

Remove drgwz9tenkp47b.x64.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.