ivqbmt.dll

Small Island Development

This module is part of an adware program that injects advertising into the web browser (banners, text links), modifies the browser's normal behavior, and changes the system settings that control which applications run at startup. It belongs to the Injekt brand of unwanted programs. The module ivqbmt.dll by Small Island Development has been detected as adware by 12 anti-malware scanners.

Publisher:
Small Island Development  (signed and verified)

Version:
1.0.0.1

MD5:
ee6d69fe16ef22d970432bf0824bdab6

SHA-1:
349ad9570b4c81fae4709ca449fab66dffd2a4f2

SHA-256:
515298e01ad034dc95ec5828a8845cd0b4cb42929bd1c88052e5333bd8eed162

Scanner detections:
12 / 68

Status:
Adware

Explanation:
Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads into the web browser, and alters the browser's settings (home page, search, DNS, and security protocols).

Analysis date:
4/25/2024 10:03:41 PM UTC

Scan engine             Detection                                 Engine version
Agnitum Outpost         PUA.Agent                                 7.1.1
AVG                     Adware Generic_r.YZ                       2014.0.4257
Baidu Antivirus         Adware.MSIL.PullUpdate                    4.0.3.15227
ESET NOD32              MSIL/Adware.PullUpdate.K.gen application  7.0.302.0
IKARUS anti.virus       AdWare.PullUpdate                         t3scan.1.8.6.0
Kaspersky               not-a-virus:AdWare.Win64.Agent            15.0.0.543
McAfee                  Artemis!EE6D69FE16EF                      5600.6841
Panda Antivirus         Adware/TVWizard                           15.02.27.10
Reason Heuristics       PUP.Injekt                                15.2.27.21
Trend Micro House Call  TROJ_GEN.R08NH07BQ15                      7.2.58
VIPRE Antivirus         Threat.4872425                            37788
Zillya! Antivirus       Adware.Agent.Win64.49                     2.0.0.2084
File size:
1.4 MB (1,456,624 bytes)

Product version:
1.0.0.1

Copyright:
Copyright (C) 2014

File type:
Dynamic link library (Win64 DLL)

Language:
English (United States)

Common path:
C:\ProgramData\application data\yxayrrq\dat\ivqbmt.dll

Digital Signature
Authority:
Symantec Corporation

Valid from:
12/23/2014 6:00:00 PM

Valid to:
2/22/2016 5:59:59 PM

Subject:
CN=Small Island Development, O=Small Island Development, L=St. James, S=St. James, C=BB

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
2ACB4CDCE993E485342ABFA2BCA95A17

File PE Metadata
Compilation timestamp:
2/24/2015 11:04:44 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:1IywsUL2yY5JDBV0ECZfkH0LGr88UnhHnRGwTpKU/atDSBdSG8Dq2Ya8uuq:WFpKLJ1V0EgmRURnRGkKeakBdSRYaFuq

Entry address:
0x2A18

Entry point:
48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, FF, 2B, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, A7, FE, FF, FF, CC, CC, CC, 48, 89, 4C, 24, 08, 48, 81, EC, 88, 00, 00, 00, 48, 8D, 0D, 55, C6, 00, 00, FF, 15, 87, 76, 00, 00, 48, 8B, 05, 40, C7, 00, 00, 48, 89, 44, 24, 58, 45, 33, C0, 48, 8D, 54, 24, 60, 48, 8B, 4C, 24, 58, E8, FB, 4B, 00, 00, 48, 89, 44, 24, 50, 48, 83, 7C, 24...
 
Entropy:
7.9682  (probably packed)

Code size:
34 KB (34,816 bytes)
