QZoneClone.DLL

QQ空间克隆器 (QZone Cloner)

Elf Network Co.,Ltd

It is installed within the context of Internet Explorer as a BHO (Browser Helper Object) under the name 'QZoneCloneBHO'.
Publisher:
Elf Network Co.,Ltd  (signed and verified)

Product:
QQ空间克隆器

Description:
QZoneClone Class

Version:
2, 0, 0, 1

MD5:
2aa5c7b3df7b650aa6e2d1befe553a82

SHA-1:
471d7927c5903f07c76f30eb3e3d43371331cbc7

SHA-256:
a936e87f4018aeb6cb8157263cc5250f9db90ab5da26b8ebbc640fe74cb85fca

Scanner detections:
3 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
12/27/2024 9:00:08 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Comodo Security | UnclassifiedMalware | 23690 |
| ESET NOD32 | Win32/Phobiq.A trojan | 8.0.319.0 |
| IKARUS anti.virus | Trojan.Win32.Phobiq | t3scan.1.9.5.0 |

File size:
274.9 KB (281,536 bytes)

Product version:
2, 0, 0, 1

Copyright:
Copyright 2012

Original file name:
QZoneClone.DLL

File type:
Dynamic link library (Win32 DLL)

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
5/23/2012 8:00:00 AM

Valid to:
5/24/2013 7:59:59 AM

Subject:
CN="Elf Network Co.,Ltd", OU=QQAPP, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Elf Network Co.,Ltd", L=TianMen, S=HUBEI, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
25B8E35B53601AF536C5C4F8EC9828CF

File PE Metadata
Compilation timestamp:
9/28/2012 4:44:54 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:QfW3xjGBHh5UzLbpFGeSlUbUKuo1cvdKSlKKl2n12tcFDu:N3tGhQzTGeSlEU5o1YKSlr212uy

Entry address:
0x177D4

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, E7, AC, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 0F, B7, 08, 53, 56, 57, 66, 85, C9, 74, 2C, 8B, 5D, 0C, 0F, B7, 3B, 0F, B7, C9, 8B, F3, 66, 3B, F9, 74, 12, 0F, B7, D7, 66, 85, D2, 74, 14, 46, 46, 0F, B7, 16, 66, 3B, D1, 75, F1, 40, 40, 0F, B7, 08, 66, 85, C9, 75, DD, 2B, 45, 08, 5F, 5E, D1, F8, 5B, 5D, C3, 8B, FF, 55, 8B, EC, 8B, 45, 08, 66, 83, 38, 00, 53, 56, 57, 74, 2A, 8B, 5D, 0C...
 

Entropy:
6.5342

Code size:
197 KB (201,728 bytes)

Internet Explorer BHO
Display name:
QZoneCloneBHO

CLSID:
{99C696D8-7270-4B8E-BF1C-83153D100E72}

CLSID name:
QZoneClone class


Scan QZoneClone.DLL - Powered by Reason Core Security