QZoneClone.DLL

QQ空间克隆器

Elf Network Co.,Ltd

The library QZoneClone.DLL has been detected as malware by 6 anti-virus scanners. It is installed within the context of Internet Explorer as a BHO (Browser Helper Object) under the name ‘QZoneCloneBHO’.

Publisher:
Elf Network Co.,Ltd  (signed and verified)

Product:
QQ空间克隆器

Description:
QZoneClone Class

Version:
2, 5, 0, 1

MD5:
847a5fd613fb2453048cca73ad167436

SHA-1:
19399706c07b061b4ec0b7dd2304f983dd22c2aa

SHA-256:
5ec96b8d14fa23d73cca075fbfd2d840791958ee3779dcaba69f423128d8229c

Scanner detections:
6 / 68

Status:
Malware

Analysis date:
4/18/2024 10:44:31 PM UTC

Scan engine          Detection                  Engine version
Baidu Antivirus      Trojan.Win32.Phobiq        4.0.3.16727
Comodo Security      UnclassifiedMalware        21455
ESET NOD32           Win32/Phobiq (variant)     10.11341
IKARUS anti.virus    Trojan.Win32.Phobiq        t3scan.1.8.6.0
K7 AntiVirus         Trojan                     13.201.15304
McAfee               Artemis!847A5FD613FB       5600.6326

File size:
328.1 KB (335,984 bytes)

Product version:
2, 5, 0, 1

Copyright:
Copyright 2013

Original file name:
QZoneClone.DLL

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\qzoneclone\qzoneclone.dll

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
5/10/2013 8:00:00 AM

Valid to:
7/9/2016 7:59:59 AM

Subject:
CN="Elf Network Co.,Ltd", OU=QQAPP, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Elf Network Co.,Ltd", L=TianMen, S=HUBEI, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5E5521C74565E8C6C418E5C644573FBD

File PE Metadata
Compilation timestamp:
7/18/2014 4:07:55 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:heXpPQyk9Btl0eKSL7dJtilBBDahuMM2XS+E1Od2ZLFoAvgrhMmXh:h0k9z6eKSL7dUBDah1MLT1ZZLFoDxh

Entry address:
0x23426

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 45, B7, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 0F, B7, 08, 53, 56, 57, 66, 85, C9, 74, 2C, 8B, 5D, 0C, 0F, B7, 3B, 0F, B7, C9, 8B, F3, 66, 3B, F9, 74, 12, 0F, B7, D7, 66, 85, D2, 74, 14, 46, 46, 0F, B7, 16, 66, 3B, D1, 75, F1, 40, 40, 0F, B7, 08, 66, 85, C9, 75, DD, 2B, 45, 08, 5F, 5E, D1, F8, 5B, 5D, C3, 8B, FF, 55, 8B, EC, 8B, 45, 08, 66, 83, 38, 00, 53, 56, 57, 74, 2A, 8B, 5D, 0C...

Entropy:
6.5522

Code size:
236.5 KB (242,176 bytes)

Internet Explorer BHO
Display name:
QZoneCloneBHO

CLSID:
{99C696D8-7270-4B8E-BF1C-83153D100E72}

CLSID name:
QZoneClone class

