250ecb899da04daeb39166d8f2749d1b.dll

The module 250ecb899da04daeb39166d8f2749d1b.dll has been detected as a potentially unwanted program by 28 anti-malware scanners. The file has been observed being downloaded from download2129.mediafire.com.
MD5:
d57e7fd535973374e10c8be840d1661f

SHA-1:
199818ced4e86b4e89f5ee2d4c80361e2583e57f

SHA-256:
f9826cd2ffddf1fc58df262b7c7d6229ed7aa6d41edf301a299f87504c32a791

Scanner detections:
28 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 4:10:33 PM UTC

Scan engine             Detection                                   Engine version
Lavasoft Ad-Aware       Gen:Variant.Graftor.40842                   604
Agnitum Outpost         TrojanSpy.VB                                7.1.1
Avira AntiVirus         TR/Spy.VB.dzi                               7.11.212.236
avast!                  Win32:PUP-gen [PUP]                         2014.9-150611
AVG                     PSW.Generic9                                2016.0.3082
Bitdefender             Gen:Variant.Graftor.40842                   1.0.20.810
Clam AntiVirus          Win.Trojan.Trojanspy                        0.98/21511
Comodo Security         TrojWare.Win32.TrojanSpy.VB.~MG             21237
Dr.Web                  Trojan.PWS.Spy.11485                        9.0.1.0162
Emsisoft Anti-Malware   Gen:Variant.Graftor.40842                   8.15.06.11.05
F-Secure                Gen:Variant.Graftor.40842                   11.2015-11-06_5
G Data                  Gen:Variant.Graftor.40842                   15.6.25
IKARUS anti.virus       Trojan.SuspectCRC                           t3scan.1.8.6.0
McAfee                  Artemis!D57E7FD53597                        5600.6738
MicroWorld eScan        Gen:Variant.Graftor.40842                   16.0.0.486
NANO AntiVirus          Trojan.Win32.VB.ecmbd                       0.30.0.296
Norman                  VBTroj.JNRN                                 11.20150611
nProtect                Trojan/W32.Small.10240.EE                   15.02.27.01
Panda Antivirus         Trj/CI.A                                    15.06.11.05
Qihoo 360 Security      HEUR/QVM30.1.Malware.Gen                    1.0.0.1015
Quick Heal              Trojan.Agent.r5                             6.15.14.00
Rising Antivirus        PE:Trojan.Win32.Generic.12A32F1B!312684315  23.00.65.15609
Sophos                  Mal/Generic-S                               4.98
Trend Micro House Call  TSPY_GRAFTOR_CA2501A9.TOMC                  7.2.162
Trend Micro             TSPY_GRAFTOR_CA2501A9.TOMC                  10.465.11
VIPRE Antivirus         Trojan.Win32.Generic                        37988
ViRobot                 Trojan.Win32.A.VB.10240.A[h]                2014.3.20.0
Zillya! Antivirus       Trojan.VB.Win32.93655                       2.0.0.2084

File size:
10 KB (10,240 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\users\{user}\appdata\local\temp\250ecb899da04daeb39166d8f2749d1b.dll

File PE Metadata
Compilation timestamp:
8/19/2009 8:29:11 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
192:Mn/tuGMrcteAZmTxTSSAUza3XFcqsgVQMk:M/tuo8AMTRSR6W1oJ

Entry address:
0x1C17

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 1F, 04, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, CC, FE, FF, FF, 59, 5D, C2, 0C, 00, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 40, 41, 00, 10, 89, 0D, 3C, 41, 00, 10, 89, 15, 38, 41, 00, 10, 89, 1D, 34, 41, 00, 10, 89, 35, 30, 41, 00, 10, 89, 3D, 2C, 41, 00, 10, 66, 8C, 15, 58, 41, 00, 10, 66, 8C, 0D, 4C, 41, 00, 10, 66, 8C, 1D, 28, 41, 00, 10, 66, 8C, 05, 24, 41, 00, 10, 66, 8C, 25, 20, 41, 00, 10, 66, 8C, 2D, 1C, 41, 00, 10, 9C, 8F, 05, 50, 41...
 
Entropy:
5.5004

Code size:
4.5 KB (4,608 bytes)

The file 250ecb899da04daeb39166d8f2749d1b.dll has been seen being distributed by the following URL.
