home

vlqy5lfill1yy0.dll

a XQuery

The module vlqy5lfill1yy0.dll, “physical term database” has been detected as a potentially unwanted program by 16 anti-malware scanners. It is installed within the context of Internet Explore as a BHO (Browser Helper Object) under the name ‘BuyNsave’.
Publisher:
a XQuery

Product:
a XQuery

Description:
physical term database

Version:
language manual they

MD5:
f33ec4d79919956acecd8a0c62d97bc4

SHA-1:
27493066296daa289f94b68870fc7ad2507705a3

SHA-256:
85d2f93a72b19a6f388cc28016c82e9dbcc9b5558c3099aa243cdc5018d5cc29

Scanner detections:
16 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 3:08:13 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.Graftor.154184
805

Avira AntiVirus
ADWARE/MultiPlug.Gen
7.11.188.26

avast!
Win32:MultiPlug-LV [PUP]
2014.9-141121

Baidu Antivirus
Adware.Win32.MultiPlug
4.0.3.141121

Bitdefender
Gen:Variant.Adware.Graftor.154184
1.0.20.1625

Comodo Security
Application.Win32.MultiPlug.BNJ
20155

Emsisoft Anti-Malware
Gen:Variant.Adware.Graftor.154184
8.14.11.21.08

ESET NOD32
Win32/AdWare.MultiPlug.BN (variant)
8.10763

F-Secure
Gen:Variant.Adware.Graftor.154184
11.2014-21-11_6

G Data
Gen:Variant.Adware.Graftor.154184
14.11.24

Malwarebytes
PUP.Optional.MultiPlug
v2014.11.21.08

McAfee
MultiPlug
5600.6939

MicroWorld eScan
Gen:Variant.Adware.Graftor.154184
15.0.0.975

Panda Antivirus
Trj/Genetic.gen
14.11.21.08

Qihoo 360 Security
HEUR/QVM30.1.Malware.Gen
1.0.0.1015

Reason Heuristics
Threat.Win.Reputation.IMP
14.11.21.19

File size:
745 KB (762,880 bytes)

Product version:
a XQuery

Copyright:
Copyright (C) 2014

Original file name:
physical term database

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\buynsave\vlqy5lfill1yy0.dll

File PE Metadata
Compilation timestamp:
11/21/2014 3:05:49 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:rQJXt3wCQttJTSALX2yr2v26FWyVrW3hHVqRXsZOMqXjlhliXI4EX1WSwwoe:CJwXTFjLDhHSU1M1iY461WSloe

Entry address:
0x70531

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 02, 50, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, 88, D9, 08, 10, E8, 50, 0B, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, D8, A1, 09, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, 38, 41, 08, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...
 
[+]

Entropy:
5.7688

Developed / compiled with:
Microsoft Visual C++

Code size:
495.5 KB (507,392 bytes)

Internet Explorer BHO
Display name:
BuyNsave

CLSID:
{188572bb-ef38-4a84-b7bb-2fe545203d3d}


Remove vlqy5lfill1yy0.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.