» qfwyzwdibel.dll
Overview
Analysis
File Details

qfwyzwdibel.dll

Time Lapse Solutions

This is part of an adware program designed to inject advertising in the web browser (banners, text-links) as well as modify the normal behavior of the browser. Part of the Injekt brand of unwanted programs. The module qfwyzwdibel.dll by Time Lapse Solutions has been detected as adware by 9 anti-malware scanners.

File name:

qfwyzwdibel.dll

Publisher:

Time Lapse Solutions (signed and verified)

Version:

1.0.0.1

MD5:

2aad032ade5a42c24a6a94a21a71789e

SHA-1:

3ad57e96d571b1d1e522911a5a93dd7f978f7fa0

SHA-256:

548ba77438b1c461098b0229c8dae62bb6311da2ec13c5185ac0c1dbbd507390

Scanner detections:

9 / 68

Status:

Adware

Explanation:

Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads in the web browser as well as alters the browsers settings (home page, search, DNS, and security protocols).

Analysis date:

4/26/2024 5:27:00 PM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

PUA.Agent

7.1.1

AVG

Adware Generic_r.YZ

2014.0.4257

Baidu Antivirus

Adware.MSIL.PullUpdate

4.0.3.1532

ESET NOD32

MSIL/Adware.PullUpdate.K.gen application

7.0.302.0

IKARUS anti.virus

AdWare.PullUpdate

t3scan.1.8.6.0

Kaspersky

not-a-virus:AdWare.Win64.Agent

15.0.0.543

McAfee

Artemis!2AAD032ADE5A

5600.6839

Reason Heuristics

PUP.Injekt

15.3.2.3

Trend Micro House Call

TROJ_GEN.R08NH07C115

7.2.61

File size:

1.4 MB (1,456,616 bytes)

Product version:

1.0.0.1

File type:

Dynamic link library (Win64 DLL)

Language:

English (United States)

Common path:

C:\ProgramData\application data\qxwvcnebw\dat\qfwyzwdibel.dll

Digital Signature

Signed by:

Time Lapse Solutions

Authority:

Symantec Corporation

Valid from:

1/25/2015 4:00:00 PM

Valid to:

4/26/2016 4:59:59 PM

Subject:

CN=Time Lapse Solutions, O=Time Lapse Solutions, L=St. James, S=St. James, C=BB

Issuer:

CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:

088D68E27F37630FE9E23AD19AC872B3

File PE Metadata

Compilation timestamp:

2/27/2015 8:17:04 PM

OS version:

5.2

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

24576:9IywmMnWyuKUg/i4lntvkoQEewKVJ4zf0ZDKU+UJNzJKOhGz26AXEoeNTrzipy:uFm6RuKUFQnt8oQEewKVJ0WNQOhGvA6H

Entry address:

0x2A18

Entry point:

48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, FF, 2B, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, A7, FE, FF, FF, CC, CC, CC, 48, 89, 4C, 24, 08, 48, 81, EC, 88, 00, 00, 00, 48, 8D, 0D, 55, C6, 00, 00, FF, 15, 87, 76, 00, 00, 48, 8B, 05, 40, C7, 00, 00, 48, 89, 44, 24, 58, 45, 33, C0, 48, 8D, 54, 24, 60, 48, 8B, 4C, 24, 58, E8, FB, 4B, 00, 00, 48, 89, 44, 24, 50, 48, 83, 7C, 24... 
[+]

Entropy:

7.9654 (probably packed)

Code size:

34 KB (34,816 bytes)

Remove qfwyzwdibel.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.