lqmzlhbgr.dll

Small Island Development

This is part of an adware program designed to inject advertising into the web browser (banners, text links), modify the browser's normal behavior, and change the computer's system settings that control which applications run on startup. It is part of the Injekt brand of unwanted programs. The module lqmzlhbgr.dll by Small Island Development has been detected as adware by 6 anti-malware scanners.
Publisher:
Small Island Development  (signed and verified)

Version:
1.0.0.1

MD5:
03b181c5db62e600ae7fcaca9b4c6046

SHA-1:
4492d9a1bb67fa75d44c1aa4314786f1ec80a2f0

SHA-256:
4a322f3a3746fb815f285cc303b7b10561a19b024265a13a4ac50e0dd1a3720f

Scanner detections:
6 / 68

Status:
Adware

Explanation:
Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads in the web browser and alters the browser's settings (home page, search, DNS, and security protocols).

Analysis date:
4/25/2024 10:44:15 PM UTC

Scan engine | Detection | Engine version
Baidu Antivirus | Adware.MSIL.PullUpdate | 4.0.3.1521
ESET NOD32 | MSIL/Adware.PullUpdate.K.gen application | 7.0.302.0
IKARUS anti.virus | AdWare.PullUpdate | t3scan.1.8.6.0
Kaspersky | not-a-virus:AdWare.Win64.Agent | 15.0.0.543
Panda Antivirus | Adware/TVWizard | 15.02.01.02
Reason Heuristics | PUP.Injekt | 15.2.1.2

File size:
1.4 MB (1,456,624 bytes)

Product version:
1.0.0.1

Copyright:
Copyright (C) 2014

File type:
Dynamic link library (Win64 DLL)

Language:
English (United States)

Common path:
C:\ProgramData\application data\mgtdspenfcc\dat\lqmzlhbgr.dll

Digital Signature
Authority:
Symantec Corporation

Valid from:
12/23/2014 5:00:00 PM

Valid to:
2/22/2016 4:59:59 PM

Subject:
CN=Small Island Development, O=Small Island Development, L=St. James, S=St. James, C=BB

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
2ACB4CDCE993E485342ABFA2BCA95A17

File PE Metadata
Compilation timestamp:
1/30/2015 10:15:10 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:6Iywt5K/xcZdCBpP3uavPBqJXYTyjAifj1vQvEeIuk54HiQeVpOt9uYBeLXtx:JFt5KGzCBsX4yAqeEPulH0QtQYc

Entry address:
0x2A18

Entry point:
48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, FF, 2B, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, A7, FE, FF, FF, CC, CC, CC, 48, 89, 4C, 24, 08, 48, 81, EC, 88, 00, 00, 00, 48, 8D, 0D, 55, C6, 00, 00, FF, 15, 87, 76, 00, 00, 48, 8B, 05, 40, C7, 00, 00, 48, 89, 44, 24, 58, 45, 33, C0, 48, 8D, 54, 24, 60, 48, 8B, 4C, 24, 58, E8, FB, 4B, 00, 00, 48, 89, 44, 24, 50, 48, 83, 7C, 24...
 

Entropy:
7.9683  (probably packed)

Code size:
34 KB (34,816 bytes)
