» nj3cwntjrquz9m.x64.dll
Overview
Analysis
File Details
Behaviors (1)

nj3cwntjrquz9m.x64.dll

The module nj3cwntjrquz9m.x64.dll has been detected as a potentially unwanted program by 24 anti-malware scanners. It is installed within the context of Internet Explore as a BHO (Browser Helper Object) under the name ‘coiolNNcheapp’.

File name:

MD5:

99764c77ec1be073d361aa2c3fd5dd14

SHA-1:

57a941899a47b7e3fee758943ef3b9c2bdf75c4c

SHA-256:

ec5098f68bdfeaaffb95fb33f07c3e1b699e0738db8eed52d967edf27b82453a

Scanner detections:

24 / 68

Status:

Potentially unwanted

Analysis date:

4/19/2024 7:22:33 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Application.Generic.1233876

658

AhnLab V3 Security

PUP/Win32.MultiPlug

2015.04.17

Avira AntiVirus

ADWARE/MultiPlug.Gen4

3.6.1.96

avast!

Win64:Adware-gen [Adw]

2014.9-150418

AVG

AdPlugin

2016.0.3136

Baidu Antivirus

Adware.Win64.MultiPlug

4.0.3.15418

Bitdefender

Application.Generic.1233876

1.0.20.540

Clam AntiVirus

Win.Adware.Multiplug-40063

0.98/21511

Comodo Security

ApplicUnwnt

21786

ESET NOD32

Win64/Adware.MultiPlug (variant)

9.11483

Fortinet FortiGate

Adware/MultiPlug

4/18/2015

F-Secure

Application.Generic.1233876

11.2015-18-04_7

G Data

Application.Generic.1233876

15.4.25

herdProtect (fuzzy)

variant of viphsxqvvjpbx7.x64.dll

2015.7.19.22

K7 AntiVirus

Adware

13.202.15614

Malwarebytes

PUP.Optional.MultiPlug.A

v2015.04.18.09

McAfee

Multiplug-FWX

5600.6792

MicroWorld eScan

Application.Generic.1233876

16.0.0.324

NANO AntiVirus

Riskware.Win64.MultiPlug.dqdngp

0.30.16.1110

Panda Antivirus

Trj/CI.A

15.04.18.09

Qihoo 360 Security

Win32/Virus.Adware.f45

1.0.0.1015

Reason Heuristics

Threat.Win.Reputation.IMP

15.4.18.5

Trend Micro House Call

TROJ_GEN.R047H06D415

7.2.108

VIPRE Antivirus

Trojan.Win32.Generic

39394

File size:

892.5 KB (913,920 bytes)

File type:

Dynamic link library (Win64 DLL)

Common path:

C:\Program Files\coiolnncheapp\nj3cwntjrquz9m.x64.dll

Registration

CLSID:

{752d8d23-763f-4ab2-9a7a-283d4cf06285}

ProgID:

P752d8d23_763f_4ab2_9a7a_283d4cf06285_.9

COM registered:

Yes

File PE Metadata

Compilation timestamp:

4/2/2015 1:03:24 AM

OS version:

5.2

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

12288:+TGmzZ+ptdHSGBRI3uQXQjlFIV09pu0A30o9ymYFf5NK:Wl+pvrDI3uQI

Entry address:

0x51E9C

Entry point:

48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, 6F, 70, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, 03, 00, 00, 00, CC, CC, CC, 48, 8B, C4, 48, 89, 58, 20, 4C, 89, 40, 18, 89, 50, 10, 48, 89, 48, 08, 56, 57, 41, 56, 48, 83, EC, 50, 49, 8B, F0, 8B, DA, 4C, 8B, F1, BA, 01, 00, 00, 00, 89, 50, B8, 85, DB, 75, 0F, 39, 1D, 38, 8F, 08, 00, 75, 07, 33, C0, E9, D2, 00, 00, 00, 8D, 43, FF... 
[+]

Code size:

417.5 KB (427,520 bytes)

Internet Explorer BHO

Display name:

coiolNNcheapp

CLSID:

{752d8d23-763f-4ab2-9a7a-283d4cf06285}

Remove nj3cwntjrquz9m.x64.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.