mevfhgewn.dll

Ratio Applications

This is part of an adware program designed to inject advertising into the web browser (banners, text links), modify the browser's normal behavior, and change the system settings that control which applications run at startup. It is part of the Injekt brand of unwanted programs. The module mevfhgewn.dll by Ratio Applications has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat.
Publisher:
Ratio Applications  (signed and verified)

MD5:
67d5164452f6083ae92f735b1724c173

SHA-1:
564609b97a85c0f8efd07fd927360fa3313f0ff1

SHA-256:
24671351c00ff40542a743442727c58cd38f8f1907532f9f3050fb8b21ee4423

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads in the web browser and alters the browser's settings (home page, search, DNS, and security protocols).

Analysis date:
12/25/2024 5:28:30 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Injekt (M)

Engine version:
17.3.11.9

File size:
1.1 MB (1,186,144 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\ProgramData\paiwsnu\dat\mevfhgewn.dll

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
4/1/2014 2:00:00 AM

Valid to:
4/2/2015 1:59:59 AM

Subject:
CN=Ratio Applications, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Ratio Applications, L=St. James, S=St. James, C=BB

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
352ECA57D8FB6A999A86A031DD989803

File PE Metadata
Compilation timestamp:
9/16/2014 9:31:00 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

Entry address:
0xB0C74

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 42, C1, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 80, 00, 00, 00, 72, 0E, 83, 3D, 34, 91, 11, 45, 00, 74, 05, E9, 95, C1, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03...
 

Code size:
820.5 KB (840,192 bytes)
