home

llzncupgssuaol.dll

of

The module llzncupgssuaol.dll, “hold less structures” has been detected as a potentially unwanted program by 34 anti-malware scanners. It is installed within the context of Internet Explore as a BHO (Browser Helper Object) under the name ‘ExpORtAApppLicati’. The library is built using the Crossrider cross-browser extension toolkit. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider.
Publisher:
of

Product:
of

Description:
hold less structures

MD5:
4bc99d287f0b5eadc4c3c67f973c7c2a

SHA-1:
fcf2774a1df2f87b9de0ee20e995754b7707848a

SHA-256:
63e36e31f24aa8ae49d8ef7392912b3a36323951f7d494319979303f777a41a1

Scanner detections:
34 / 68

Status:
Potentially unwanted

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
4/28/2024 8:22:00 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.20
506

Agnitum Outpost
PUA.MultiPlug
7.1.1

AhnLab V3 Security
PUP/Win32.MultiPlug
2015.09.07

Avira AntiVirus
ADWARE/MultiPlug.Gen7
8.3.2.2

Arcabit
Trojan.Adware.20
1.0.0.425

avast!
Win32:Adware-gen [Adw]
2014.9-150916

AVG
Generic6
2016.0.2984

Baidu Antivirus
Adware.Win32.MultiPlug
4.0.3.15916

Bitdefender
Gen:Variant.Adware.20
1.0.20.1295

Clam AntiVirus
Win.Adware.Multiplug-49763
0.98/21511

Comodo Security
Application.Win32.AdWare.MultiPlug.VB
23189

Dr.Web
Trojan.Crossrider1.44294
9.0.1.0259

Emsisoft Anti-Malware
Gen:Variant.Adware.20
8.15.09.16.12

ESET NOD32
Win32/Adware.MultiPlug.ND (variant)
9.12159

Fortinet FortiGate
Riskware/MultiPlug
9/16/2015

F-Prot
W32/S-f7fb58ee
v6.4.7.1.166

F-Secure
Gen:Variant.Adware.20
11.2015-16-09_4

G Data
Gen:Variant.Adware.20
15.9.25

herdProtect (fuzzy)
variant of 3upzsmj1defolu.dll
2015.11.18.14

IKARUS anti.virus
PUA.Multiplug
t3scan.1.9.5.0

K7 AntiVirus
Adware
13.2017023

Malwarebytes
PUP.Optional.MultiPlug.BHO.F
v2015.09.16.12

McAfee
Multiplug-FAG
5600.6640

Microsoft Security Essentials
BrowserModifier:Win32/Diplugem
1.1.12002.0

MicroWorld eScan
Gen:Variant.Adware.20
16.0.0.777

NANO AntiVirus
Trojan.Win32.Crossrider1.dupcta
0.30.24.3079

Panda Antivirus
Trj/Genetic.gen
15.09.16.12

Qihoo 360 Security
Win32/Virus.Adware.178
1.0.0.1015

Reason Heuristics
Threat.Win.Reputation.IMP
15.9.16.12

Rising Antivirus
PE:Packer.Win32.Crypt.ej!1615883[F1]
23.00.65.15914

Sophos
Generic PUA PM (PUA)
4.98

Trend Micro
TROJ_GEN.R01TC0EH615
10.465.16

VIPRE Antivirus
Trojan.Win32.Generic
43520

Zillya! Antivirus
Adware.MultiPlug.Win32.392257
2.0.0.2374

File size:
863.5 KB (884,224 bytes)

Copyright:
Copyright (C) 2015

Original file name:
2015072916003864

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\exportaappplicati\llzncupgssuaol.dll

File PE Metadata
Compilation timestamp:
7/29/2015 7:05:06 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:iiMsCmaJsGUwaEFPJyr1ZS/bl+7WPSIMD:iilCfBJyfWS

Entry address:
0x45051

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, EC, 53, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, C8, E9, 06, 10, E8, A0, 0B, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 18, AC, 0B, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, 90, 47, 06, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...
 
[+]

Entropy:
4.3879

Developed / compiled with:
Microsoft Visual C++

Code size:
363 KB (371,712 bytes)

Internet Explorer BHO
Display name:
ExpORtAApppLicati

CLSID:
{9BCB9B39-88F1-48AD-991F-E06E8C301CC5}


Remove llzncupgssuaol.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.