rlmshwfzyzc.dll

Green Fire Software

This is part of an adware program designed to inject advertising in the web browser (banners, text-links) as well as modify the normal behavior of the browser as well as modify the computer’s system settings that control applications to run on startup. Part of the Injekt brand of unwanted programs. The module rlmshwfzyzc.dll by Green Fire Software has been detected as adware by 11 anti-malware scanners. According to AVG, this software downloads additional adware offers during setup.
Publisher:
Green Fire Software  (signed and verified)

MD5:
87f87853cab7743be55e6ed653fa7f29

SHA-1:
4d5b406e177d6582712d677592b8e3167882fc3d

SHA-256:
486b6b3b10c6e7ca5203ba927452ffd20325d3fb5562ec36d0a3fd52f7be9a2b

Scanner detections:
11 / 68

Status:
Adware

Explanation:
Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads in the web browser as well as alters the browsers settings (home page, search, DNS, and security protocols).

Analysis date:
12/25/2024 1:27:38 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
Adware/AgentCV.A.35470
7.11.164.86

AVG
Downloader
2015.0.3264

Comodo Security
ApplicUnwnt
19010

Fortinet FortiGate
Adware/PullUpdate
12/11/2014

IKARUS anti.virus
AdWare.MSIL.Adware
t3scan.1.6.1.0

McAfee
Artemis!87F87853CAB7
5600.6920

NANO AntiVirus
Riskware.Win32.AgentCV.dcydok
0.28.2.61148

Qihoo 360 Security
Win32/Virus.Adware.0de
1.0.0.1015

Reason Heuristics
PUP.GreenFireSoftware.L
14.12.11.4

Trend Micro House Call
Suspicious_GEN.F47V0722
7.2.345

VIPRE Antivirus
MSIL.Adware.PullUpdate
31710

File size:
1.1 MB (1,177,968 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\ProgramData\uvqyvmb\dat\rlmshwfzyzc.dll

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
9/20/2013 2:00:00 AM

Valid to:
9/21/2014 1:59:59 AM

Subject:
CN=Green Fire Software, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Green Fire Software, L=La Jolla, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
38E34FCC0FDD5E91FD5048A198AAABF1

File PE Metadata
Compilation timestamp:
6/13/2014 1:52:53 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:whmgEGlbXaASsLoJktqV8UrVVZOr6OeshtZB2zTrsN:lKlTXSeoZVVZOr6wPZYTQN

Entry address:
0xAF7F4

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 22, C1, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 80, 00, 00, 00, 72, 0E, 83, 3D, D4, 70, 11, 10, 00, 74, 05, E9, 75, C1, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03...
 
[+]

Code size:
814 KB (833,536 bytes)

Remove rlmshwfzyzc.dll - Powered by Reason Core Security