api-ms-win-downlevel-shlwapi-l1-1-0.dll

The library api-ms-win-downlevel-shlwapi-l1-1-0.dll has been detected as malware by 1 anti-virus scanner. It runs as a Windows 64-bit kernel mode device driver named “ALS Sensor Filter”. Additionally, the file is typically installed by a number of programs including Razer Synapse 2.0 by Razer USA Ltd. and MyPC Backup by JDI BACKUP LIMITED. The file has been seen being downloaded from d24u51ac8ybaqu.cloudfront.net and multiple other hosts.
MD5:
a162f87d777e2631927c2ead8ba75cf1

SHA-1:
56db47a26a1651682e783a02e5123f76d6effd92

SHA-256:
e319082c23faa07865238e06844382d181ad3cdab44bcfaea7836fd601dba857

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/5/2024 9:59:21 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
(M)
16.6.6.1

File size:
9.5 KB (9,728 bytes)

File type:
Dynamic link library (Win64 DLL)

Common path:
C:\windows\temp\af3be18d-392e-4dc9-ba68-33671694f104\x86_microsoft-windows-downlevelapisets-shell_31bf3856ad364e35_7.1.7601.16492_none_cf025cff09637994\api-ms-win-downlevel-shlwapi-l1-1-0.dll

File PE Metadata
OS bitness:
Win64

Entry point:
4D, 5A, 90, 00, 03, 00, 00, 00, 04, 00, 00, 00, FF, FF, 00, 00, B8, 00, 00, 00, 00, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, C0, 00, 00, 00, 0E, 1F, BA, 0E, 00, B4, 09, CD, 21, B8, 01, 4C, CD, 21, 54, 68, 69, 73, 20, 70, 72, 6F, 67, 72, 61, 6D, 20, 63, 61, 6E, 6E, 6F, 74, 20, 62, 65, 20, 72, 75, 6E, 20, 69, 6E, 20, 44, 4F, 53, 20, 6D, 6F, 64, 65, 2E, 0D, 0D, 0A, 24, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Driver
Display name:
ALS Sensor Filter

Service name:
acpials

Type:
Kernel device driver (KernelDriver)

Group:
Base


The file api-ms-win-downlevel-shlwapi-l1-1-0.dll has been discovered within the following programs.

MyPC Backup  by JDI BACKUP LIMITED
MyPC Backup, a potentially unwanted program (PUP), is bundled with various adware installers and 3rd party download managers including CBS Interactive, Somoto, Conduit, Bechiro and others.
www.mypcbackup.com
70% remove it
Nexus Mod Manager  by Black Tree Gaming
The Nexus Mod Manager (NMM) is a free and open source piece of software that allows you to download, install, update and manage your mods through an easy to use interface.
About 7% of users remove it
Razer Synapse  by Razer Inc.
www.razersupport.com
About 5% of users remove it
Razer Synapse 2.0  by Razer USA Ltd.
Publisher's description - “Set-up instantly from the cloud with the world’s first cloud-based setting network for gamers. With Razer Synapse 2.”
About 9% of users remove it
Splashtop Streamer  by Splashtop Inc.
The Splashtop Remote products are a combination of a server, called Splashtop Streamer, and a variety of client products. The basic concept is that a user needs to install the free Splashtop Streamer on the target remote computer, and obtain a client on his/her mobile device.
www.splashtop.com/remote
About 8% of users remove it
Toolbar Terminator  by Abelssoft GmbH
www.abelssoft.de
About 12% of users remove it
 
Powered by Should I Remove It?

The file api-ms-win-downlevel-shlwapi-l1-1-0.dll has been seen being distributed by the following 2 URLs.

Remove api-ms-win-downlevel-shlwapi-l1-1-0.dll - Powered by Reason Core Security