» qspl1egv.dll
Overview
Analysis
File Details
Behaviors (1)

qspl1egv.dll

The module qspl1egv.dll has been detected as a potentially unwanted program by 28 anti-malware scanners. It is installed within the context of Internet Explore as a BHO (Browser Helper Object) under the name ‘xx’.

File name:

qspl1egv.dll

MD5:

3982bf010354090acc577315aa9f7462

SHA-1:

0215c818d9bce5b5ab1cc62d8ae6a705fcae6c52

Scanner detections:

28 / 68

Status:

Potentially unwanted

Analysis date:

4/26/2024 10:15:05 AM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

Trojan.BHO

7.1.1

Avira AntiVirus

TR/BHO.eeskp

7.11.106.38

avast!

Win32:BHO-ADS [Trj]

2014.9-140725

AVG

BHO

2015.0.3403

Bitdefender

Trojan.Generic.6700731

1.0.20.1030

Bkav FE

HW32.CDB

1.3.0.4246

Comodo Security

UnclassifiedMalware

17065

Dr.Web

Trojan.Click2.178

9.0.1.0206

Emsisoft Anti-Malware

Trojan.Generic.6700731

8.14.07.25.08

ESET NOD32

Win32/BHO.ODC (variant)

8.8885

Fortinet FortiGate

W32/Delf

7/25/2014

F-Secure

Trojan.Generic.6700731

11.2014-25-07_6

G Data

Trojan.Generic.6700731

14.7.22

IKARUS anti.virus

Trojan.Win32.BHO

t3scan.2.0.127

K7 AntiVirus

Riskware

13.173.9789

Kaspersky

not-a-virus:AdWare.Win32.Delf

14.0.0.3508

Malwarebytes

Adware.Agent

v2014.07.25.08

McAfee

Artemis!3982BF010354

5600.7059

Microsoft Security Essentials

Trojan:Win32/BHO.EE

1.163.1557.0

MicroWorld eScan

Trojan.Generic.6700731

15.0.0.618

NANO AntiVirus

Trojan.Win32.BHO.icuwx

0.26.0.55203

Norman

BHO.AAYE

11.20140725

Panda Antivirus

Generic Malware

14.07.25.08

Rising Antivirus

Trojan.BHO!4E5D

23.00.65.14723

Sophos

Mal/Generic-S

4.93

Trend Micro House Call

TROJ_GEN.USHXK07

7.2.206

Vba32 AntiVirus

AdWare.Delf

3.12.24.3

VIPRE Antivirus

Trojan.Win32.Generic

22162

File size:

349.5 KB (357,888 bytes)

File type:

Dynamic link library (Win32 DLL)

Common path:

C:\Documents and Settings\{user}\Application data\qspl1egv.dll

Registration

CLSID:

{CC01FC6C-3425-5615-2C8F-DA4A82277BA8}

ProgID:

qspl1egv.xx

COM registered:

Yes

File PE Metadata

Compilation timestamp:

6/20/1992 2:52:17 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

6144:uCI4MkX6/evb9bcVp1te2CdZjYJPDJ8J+DJmhj6gaX:04Mrevb9IVp1te2CdaZw+Dkj6ga

Entry address:

0xE3001

Entry point:

60, E8, 03, 00, 00, 00, E9, EB, 04, 5D, 45, 55, C3, E8, 01, 00, 00, 00, EB, 5D, BB, ED, FF, FF, FF, 03, DD, 81, EB, 00, 30, 0E, 00, 83, BD, 88, 04, 00, 00, 00, 89, 9D, 88, 04, 00, 00, 0F, 85, CB, 03, 00, 00, 8D, 85, 94, 04, 00, 00, 50, FF, 95, A9, 0F, 00, 00, 89, 85, 8C, 04, 00, 00, 8B, F0, 8D, 7D, 51, 57, 56, FF, 95, A5, 0F, 00, 00, AB, B0, 00, AE, 75, FD, 38, 07, 75, EE, 8D, 45, 7A, FF, E0, 56, 69, 72, 74, 75, 61, 6C, 41, 6C, 6C, 6F, 63, 00, 56, 69, 72, 74, 75, 61, 6C, 46, 72, 65, 65, 00, 56, 69, 72, 74... 
[+]

Entropy:

7.9735

Packer / compiler:

ASPack v2.12

Code size:

769 KB (787,456 bytes)

Internet Explorer BHO

CLSID:

{CC01FC6C-3425-5615-2C8F-DA4A82277BA8}

CLSID name:

Remove qspl1egv.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.