qbase.dll

The library qbase.dll has been detected as malware by 5 anti-virus scanners. The file has been seen being downloaded from d.gamextazy.com.
MD5:
be113a5d401d3914cd1e50837d9dcb4f

SHA-1:
69c2fb03abf431af499ef11c23c0f99c23cf1e90

SHA-256:
e4df3414eb1d1dbbb18852d631205808ce93022490778d16cfcb452b3932f9eb

Scanner detections:
5 / 68

Status:
Malware

Analysis date:
11/15/2024 11:40:29 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Baidu Antivirus | Trojan.Win32.Downloader | 4.0.3.151021 |
| Kaspersky | HEUR:Trojan-Downloader.Win32.Generic | 14.0.0.1244 |
| McAfee | Artemis!BE113A5D401D | 5600.6572 |
| Rising Antivirus | PE:Malware.DealCabby!6.351[F1] | 23.00.65.151019 |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.4 |

File size:
64 KB (65,536 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\users\{user}\appdata\local\temp\qbase.dll

File PE Metadata
Compilation timestamp:
6/12/2015 11:00:43 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
10.0

CTPH (ssdeep):
1536:luCvTrknzvBxGBhcrJ8QEBHez3kGNsju:luCvkLqsGQokSj

Entry address:
0x2E1D

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, DC, 29, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, F8, B1, 00, 10, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 40, B0, 00, 10, C9, C2, 08, 00, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, D0, FF, 00, 10, 89...

Code size:
40 KB (40,960 bytes)

The file qbase.dll has been seen being distributed by the following URL.
