rlrwensufg.dll

Acute Angle Solutions Ltd.

This is part of an adware program designed to inject advertising (banners, text links) into the web browser, modify the browser's normal behavior, and change the system settings that control which applications run at startup. It is part of the Injekt brand of unwanted programs. The module rlrwensufg.dll by Acute Angle Solutions has been detected as adware by 9 anti-malware scanners.
Publisher:
Acute Angle Solutions Ltd.  (signed and verified)

MD5:
51e76ede06df828b7e87d65dcded7a51

SHA-1:
73e54e5b38e0a26946af587ecbb0e675c2bf8168

SHA-256:
07e80fa987aef97ef0aeac0bc263ec1eaee7dc5da1c031df0dd0bce33be50c99

Scanner detections:
9 / 68

Status:
Adware

Explanation:
Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads into the web browser and alters the browser's settings (home page, search, DNS, and security protocols).

Analysis date:
4/27/2024 2:06:39 AM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | ADWARE/Adware.Gen | 7.11.178.210
AVG | Acute | 2015.0.3311
Baidu Antivirus | Adware.MSIL.PullUpdate | 4.0.3.141024
ESET NOD32 | MSIL/Adware.PullUpdate (variant) | 8.10571
G Data | Win32.Adware.AcuteAngle | 14.10.24
K7 AntiVirus | Adware | 13.183.13690
Reason Heuristics | PUP.AcuteAngleSolutions.K | 14.10.24.18
Sophos | Pull Update | 4.98
VIPRE Antivirus | Injekt | 33964

File size:
1.1 MB (1,187,200 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\ProgramData\application data\qaxgwv\dat\rlrwensufg.dll

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
1/31/2014 11:00:00 AM

Valid to:
2/1/2015 10:59:59 AM

Subject:
CN=Acute Angle Solutions Ltd., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Acute Angle Solutions Ltd., L=St. James, S=St. James, C=BB

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0A7A77148C6F7A33F9174DA187F6FEF0

File PE Metadata
Compilation timestamp:
10/10/2014 6:02:09 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:/sHjg1MmbRtqOMshcboONnIF9cM3NQ3tJtPxb4T9O0ft+:U01hdtdM2F9cM3GxPCT9vft+

Entry address:
0xB0F94

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 44, C1, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 80, 00, 00, 00, 72, 0E, 83, 3D, 34, 91, 11, 45, 00, 74, 05, E9, 97, C1, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03...
 

Entropy:
6.2696

Code size:
821 KB (840,704 bytes)
