» wplmahep.dll
Overview
Analysis
File Details
Programs (1)

wplmahep.dll

The module wplmahep.dll has been detected as a potentially unwanted program by 23 anti-malware scanners. This file is typically installed with the program Only-search by Pay-by-Ads Ltd which is a potentially unwanted software program.

File name:

wplmahep.dll

MD5:

6adb9a306f0a18afa6bb3ad412405aee

SHA-1:

a6d3b5f4a0146ea09233101b5391d12235eab183

SHA-256:

87074297c7c03c7ae85a36b79ea2231acf27b23059d0fcd873288884ce5f1940

Scanner detections:

23 / 68

Status:

Potentially unwanted

Analysis date:

4/19/2024 9:23:31 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Mikey.16622

578

Agnitum Outpost

PUA.Toolbar.Montiera

7.1.1

AhnLab V3 Security

Adware/Win32.Agent

2015.07.03

Arcabit

Trojan.Mikey.D40EE

1.0.0.425

avast!

Win32:Dropper-gen [Drp]

2014.9-150707

AVG

Generic36

2016.0.3056

Baidu Antivirus

Adware.Win32.Agent

4.0.3.1577

Bitdefender

Gen:Variant.Mikey.16622

1.0.20.940

Emsisoft Anti-Malware

Gen:Variant.Mikey.16622

8.15.07.07.03

ESET NOD32

Win32/Toolbar.Montiera.Y potentially unwanted (variant)

9.11881

Fortinet FortiGate

Riskware/Montiera

7/7/2015

F-Secure

Gen:Variant.Mikey.16622

11.2015-07-07_3

G Data

Gen:Variant.Mikey.16622

15.7.25

K7 AntiVirus

Trojan

13.205.16443

McAfee

RDN/Generic.grp!ib

5600.6712

MicroWorld eScan

Gen:Variant.Mikey.16622

16.0.0.564

NANO AntiVirus

Riskware.Win32.Toolbar.dpumyn

0.30.24.2320

Panda Antivirus

Generic Suspicious

15.07.07.03

Reason Heuristics

Threat.Win.Reputation.IMP

15.7.7.3

Rising Antivirus

PE:Trojan.Win32.Generic.18A4E86A!413460586

23.00.65.15705

Sophos

Mal/Generic-S

4.98

Trend Micro

TROJ_GEN.R00UC0PCU15

10.465.07

VIPRE Antivirus

Trojan.Win32.Generic

41662

File size:

298 KB (305,152 bytes)

File type:

Dynamic link library (Win32 DLL)

Common path:

C:\Program Files\onlysearch\onlysearch\1.3.22.1\wplmahep.dll

File PE Metadata

Compilation timestamp:

2/22/2015 1:55:38 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

6144:jHwChEyziwtW5e9/PqmjCRpfDCKWfmOc6v2kUV49YASuOo:TwbyzigiuHqmjCbCKWfmOBdUV4jVO

Entry address:

0x2203F

Entry point:

8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 4D, 98, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 80, 00, 00, 00, 72, 0E, 83, 3D, 80, 9B, 04, 10, 00, 74, 05, E9, 9B, 98, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B... 
[+]

Code size:

225 KB (230,400 bytes)

The file wplmahep.dll has been discovered within the following program.

Only-search by Pay-by-Ads Ltd

OnlySearch is an web browser advertisement extension that delivers ads to the user's web browser. Ads are in the form of traditional banners as well as context-hyper links.

81% remove it

Remove wplmahep.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.