home

vulnerability.dll

GetActMsg Dynamic Link Library

Qiwang Computer

The module vulnerability.dll by Qiwang Computer has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Qiwang Computer  (signed and verified)

Product:
GetActMsg Dynamic Link Library

Description:
GetActMsg DLL

Version:
1, 0, 0, 1

MD5:
26ce1bbd240098f643dc7c5398788384

SHA-1:
2c020142a977c256bf73d39f33b531a7d7d69a30

SHA-256:
0244d82cd6b0514670b5267dbf5e65c1d5bb13559a19b4d32a25e861a71c0340

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
4/18/2024 7:33:11 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.QiwangComputer (M)
16.1.29.15

File size:
29.3 KB (30,000 bytes)

Product version:
1, 0, 0, 1

Copyright:
版权所有 (C) 2009

Original file name:
GetActMsg.DLL

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\spyware cease\vulnerability.dll

Digital Signature
Signed by:
Qiwang Computer

Authority:
VeriSign, Inc.

Valid from:
6/16/2008 3:00:00 AM

Valid to:
6/14/2011 2:59:59 AM

Subject:
CN=Qiwang Computer, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Qiwang Computer, L=Nanning, S=Guangxi, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
19E46BDB66FF71931FE43DB54F76BE4F

File PE Metadata
Compilation timestamp:
6/24/2009 6:14:02 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
192:FFcCYOEq7C6jyowJL/aMjGwP7FM2oHF+ebMIMduK:H1YlqWIYJLW6o7bcuK

Entry address:
0x133B

Entry point:
55, 8B, EC, 53, 8B, 5D, 08, 56, 8B, 75, 0C, 57, 8B, 7D, 10, 85, F6, 75, 09, 83, 3D, 44, 30, 00, 10, 00, EB, 26, 83, FE, 01, 74, 05, 83, FE, 02, 75, 22, A1, 10, 30, 00, 10, 85, C0, 74, 09, 57, 56, 53, FF, D0, 85, C0, 74, 0C, 57, 56, 53, E8, 15, FF, FF, FF, 85, C0, 75, 04, 33, C0, EB, 4E, 57, 56, 53, E8, A5, FC, FF, FF, 83, FE, 01, 89, 45, 0C, 75, 0C, 85, C0, 75, 37, 57, 50, 53, E8, F1, FE, FF, FF, 85, F6, 74, 05, 83, FE, 03, 75, 26, 57, 56, 53, E8, E0, FE, FF, FF, 85, C0, 75, 03, 21, 45, 0C, 83, 7D, 0C, 00...
 
[+]

Entropy:
2.5702

Developed / compiled with:
Microsoft Visual C++ 6.0

Code size:
4 KB (4,096 bytes)

Remove vulnerability.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.