home

wehjestzg5xwud.dll

The module wehjestzg5xwud.dll has been detected as a potentially unwanted program by 28 anti-malware scanners. It is installed within the context of Internet Explore as a BHO (Browser Helper Object) under the name ‘lowPrrices’. The library is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider.
MD5:
8c7fb67690250d9777bf13a7d5d80536

SHA-1:
3d0aa6893d51e047eac0a82ae77577392e060ca2

SHA-256:
f68cb048bdd3a2a21cd0b20742206e9370e2af7279f5c374222c8eeca2a521c4

Scanner detections:
28 / 68

Status:
Potentially unwanted

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
4/25/2024 8:36:34 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Application.Zusy.139555
5547725

Agnitum Outpost
PUA.MultiPlug
7.1.1

AhnLab V3 Security
PUP/Win32.MultiPlug
2015.05.23

Avira AntiVirus
TR/Crypt.XPACK.Gen7
8.3.1.6

avast!
Win32:Adware-gen [Adw]
150521-0

AVG
Adware Generic6.ASBY
2014.0.4311

Bitdefender
Gen:Variant.Application.Zusy.139555
1.0.20.715

Comodo Security
Application.Win32.AdWare.MultiPlug.VB
22221

Dr.Web
Trojan.Crossrider1.30883
9.0.1.05190

Emsisoft Anti-Malware
Gen:Variant.Application.Zusy.139555
10.0.0.5366

ESET NOD32
Win32/Adware.MultiPlug.KM application
7.0.302.0

Fortinet FortiGate
Riskware/MultiPlug
5/23/2015

F-Prot
W32/S-6a86fe59
v6.4.7.1.166

F-Secure
Gen:Variant.Application.Zusy
11.2015-23-05_7

G Data
Gen:Variant.Application.Zusy.139555
15.5.25

K7 AntiVirus
Unwanted-Program
13.204.16007

Malwarebytes
PUP.Optional.MultiPlug.A
v2015.05.23.10

McAfee
Program.Multiplug-FNZ
18.0.204.0

MicroWorld eScan
Gen:Variant.Application.Zusy.139555
16.0.0.429

NANO AntiVirus
Trojan.Win32.XPACK.drucjj
0.30.24.1636

Panda Antivirus
Trj/Genetic.gen
15.05.23.10

Qihoo 360 Security
HEUR/QVM30.1.Malware.Gen
1.0.0.1015

Reason Heuristics
Threat.Win.Reputation.IMP
15.5.23.10

Rising Antivirus
PE:Packer.Win32.Crypt.ej!1075357707
23.00.65.15521

Sophos
PUA 'MultiPlug' (of type Adware)
5.14

Trend Micro House Call
TROJ_GEN.R08NH06EH15
7.2.143

VIPRE Antivirus
Threat.4150696
40432

Zillya! Antivirus
Adware.MultiPlug.Win32.321469
2.0.0.2187

File size:
802.5 KB (821,760 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\lowprrices\wehjestzg5xwud.dll

Registration
CLSID:
{5B704122-00B5-4D78-AAD1-CC0776624DA5}

ProgID:
P5B704122_00B5_4D78_AAD1_CC0776624DA5_.9

COM registered:
Yes

File PE Metadata
Compilation timestamp:
5/17/2015 2:05:08 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:0HVM7iUHh8g4ihzUghCit6vrY0LnidVbRdcrabsaqvwPwDUDogCYAGfU8JJMzl4l:lHh8/ni0uYN7aI/tFnTjOpbK21

Entry address:
0x3DC61

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 30, 62, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, 20, 5E, 06, 10, E8, A0, 0B, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, D0, 24, 0B, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, 18, C4, 05, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
334.5 KB (342,528 bytes)

Internet Explorer BHO
Display name:
lowPrrices

CLSID:
{5B704122-00B5-4D78-AAD1-CC0776624DA5}


Remove wehjestzg5xwud.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.