nrlrqwv.dll

Ratio Applications

This is part of an adware program designed to inject advertising into the web browser (banners, text links) and to modify the browser's normal behavior. It belongs to the Injekt brand of unwanted programs. The module nrlrqwv.dll by Ratio Applications has been detected as adware by 11 anti-malware scanners.
Publisher:
Ratio Applications  (signed and verified)

Version:
1.0.0.1

MD5:
f98ea7564787ae4729078c0d4237e2d1

SHA-1:
cf612530c31f746d83291d44b72e478d7775a9eb

SHA-256:
2d4467f0068ed4ba4f04b8d3d1600d5ce2a25d37e4fdf9a0d12b0332cbdf5d1a

Scanner detections:
11 / 68

Status:
Adware

Explanation:
Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads into the web browser and alters the browser's settings (home page, search, DNS, and security protocols).

Analysis date:
4/25/2024 9:59:03 AM UTC  (today)

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Adware.PullUpdate.E | 816
AVG | Acute | 2015.0.3294
Bitdefender | Adware.PullUpdate.E | 1.0.20.1570
Emsisoft Anti-Malware | Adware.PullUpdate | 8.14.11.10.01
F-Secure | Adware.PullUpdate.E | 11.2014-10-11_2
G Data | Adware.PullUpdate | 14.11.24
MicroWorld eScan | Adware.PullUpdate.E | 15.0.0.942
nProtect | Adware.PullUpdate.E | 14.10.24.01
Reason Heuristics | PUP.RatioApplications.H | 14.10.25.21
Sophos | Pull Update | 4.98
VIPRE Antivirus | Injekt | 34232

File size:
1.2 MB (1,241,440 bytes)

Product version:
1.0.0.1

Copyright:
Copyright (C) 2014

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\ProgramData\application data\tdxyekecg\dat\nrlrqwv.dll

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
4/1/2014 11:00:00 AM

Valid to:
4/2/2015 10:59:59 AM

Subject:
CN=Ratio Applications, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Ratio Applications, L=St. James, S=St. James, C=BB

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
352ECA57D8FB6A999A86A031DD989803

File PE Metadata
Compilation timestamp:
10/24/2014 7:15:12 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:5oeI6r2KrKOBalpgnvBUxIp7Eas401stHfbOUuABhSAj9dYRDEbl/NqMjFrpHMNL:5oeyKrKOQlpgvBUxZ3KHfbOi/9dN7HJa

Entry address:
0x2670

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 59, 26, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 30, BD, 00, 10, 89, 0D, 2C, BD, 00, 10, 89, 15, 28, BD, 00, 10, 89, 1D, 24, BD, 00, 10, 89, 35, 20, BD, 00, 10, 89, 3D, 1C, BD, 00, 10, 66, 8C, 15, 48, BD, 00, 10, 66, 8C, 0D, 3C, BD, 00, 10, 66, 8C, 1D, 18, BD, 00, 10, 66, 8C, 05, 14, BD, 00, 10, 66, 8C, 25, 10, BD, 00, 10, 66, 8C, 2D, 0C, BD, 00, 10, 9C, 8F, 05, 40, BD...
 

Entropy:
7.9766  (probably packed)

Code size:
28 KB (28,672 bytes)
