» work.dll
Overview
Analysis
File Details

work.dll

Lei Qing

The module work.dll by Lei Qing has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.

File name:

work.dll

Publisher:

Lei Qing (signed and verified)

Version:

1000.0.1.37

MD5:

97eb0d8c790f53efa481a3a4799a8ad5

SHA-1:

eccd54d653d5bab1b8f8d90d117615c7a57270fe

SHA-256:

158d20f2e5f3116322a26860141279301087136be6ae7136ed14a6ecf6636e31

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

3/7/2026 2:24:21 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

Adware.Elex.LeiQing.Meta (M)

16.7.9.11

File size:

201.9 KB (206,768 bytes)

Product version:

1000.0.1.37

File type:

Dynamic link library (Win32 DLL)

Language:

English

Common path:

C:\windows\syswow64\worker\45.0.2454.85\work.dll

Digital Signature

Signed by:

Lei Qing

Authority:

WoSign CA Limited

Valid from:

8/19/2015 3:00:23 AM

Valid to:

8/19/2016 3:00:23 AM

Subject:

CN=Lei Qing, L=Tianjin, S=Tianjin, C=CN

Issuer:

CN=WoSign Class 2 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:

2B8E845E7AA055FC643B525DF3001A41

File PE Metadata

Compilation timestamp:

11/5/2015 4:31:54 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

12.0

CTPH (ssdeep):

6144:CcmG6mN7IpQ2x5FwAv9WW3hsFp0lHHL/bMR:Cm1paThsFClHHq

Entry address:

0x937C0

Entry point:

80, 7C, 24, 08, 01, 0F, 85, D9, 01, 00, 00, 60, BE, 00, 30, 06, 10, 8D, BE, 00, E0, F9, FF, 57, 83, CD, FF, EB, 0D, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46... 
[+]

Entropy:

7.9097

Packer / compiler:

UPX v0.89.6 - v1.02 / v1.05 - v1.22, 0x

Code size:

196 KB (200,704 bytes)

Remove work.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.