» qgafyylo.dll
Overview
Analysis
File Details

qgafyylo.dll

Big Water Applications, LLC

This is part of an adware program designed to inject advertising in the web browser (banners, text-links) as well as modify the normal behavior of the browser as well as modify the computer’s system settings that control applications to run on startup. Part of the Injekt brand of unwanted programs. The module qgafyylo.dll by Big Water Applications has been detected as adware by 10 anti-malware scanners. According to AVG, this software downloads additional adware offers during setup.

File name:

qgafyylo.dll

Publisher:

Big Water Applications, LLC (signed and verified)

MD5:

3937882bb24c73556e4a3bd57ed387c3

SHA-1:

7bd77327168a0f6496da71d40b9ce5430e9fac25

SHA-256:

eb33e4bdda91ff4f551b5702a65f1d3a49d06cd3a75ebf29c386b85f90f4eb90

Scanner detections:

10 / 68

Status:

Adware

Explanation:

Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads in the web browser as well as alters the browsers settings (home page, search, DNS, and security protocols).

Analysis date:

9/16/2024 6:40:14 PM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

ADWARE/Adware.Gen

8.3.1.6

AVG

Potentially harmful program Downloader.DIA

2014.0.4311

Baidu Antivirus

Adware.MSIL.PullUpdate

4.0.3.15518

ESET NOD32

MSIL/Adware.PullUpdate.C application

7.0.302.0

Kaspersky

not-a-virus:AdWare.MSIL.PullUpdate

15.0.0.543

NANO AntiVirus

Riskware.Win32.PullUpdate.dgrkww

0.30.24.1357

Panda Antivirus

Generic Suspicious

15.05.18.09

Reason Heuristics

Threat.Injekt.BigWaterApplications

15.5.18.4

Rising Antivirus

PE:Adware.PullUpdate!6.225B

23.00.65.15516

Zillya! Antivirus

Adware.PullUpdate.Win32.167

2.0.0.2179

File size:

1.1 MB (1,187,656 bytes)

File type:

Dynamic link library (Win32 DLL)

Common path:

C:\ProgramData\application data\uuweyjq\dat\qgafyylo.dll

Digital Signature

Signed by:

Big Water Applications, LLC

Authority:

VeriSign, Inc.

Valid from:

5/27/2014 7:00:00 PM

Valid to:

5/28/2015 6:59:59 PM

Subject:

CN="Big Water Applications, LLC", O="Big Water Applications, LLC", L=La Jolla, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

0C8B8C8404BDAF0C09C54486BDE81E2C

File PE Metadata

Compilation timestamp:

10/1/2014 8:43:03 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

24576:XPNOwb1vdT8fJ74XmtN5fsPpkk1U+T/ps98A3PxZyT/DA3:/p1VIf54XRU+T/qRPiTLA3

Entry address:

0xB0FF4

Entry point:

8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 52, C1, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 80, 00, 00, 00, 72, 0E, 83, 3D, 34, 91, 11, 45, 00, 74, 05, E9, A5, C1, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03... 
[+]

Entropy:

6.2683

Code size:

821.5 KB (841,216 bytes)

Remove qgafyylo.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.