asshurt.dll

The library asshurt.dll has been detected as malware by 13 anti-virus scanners. The file has been seen being downloaded from ln.syncusercontent.com and multiple other hosts.
MD5:
7b687ac707c6a474780348b3d3db8194

SHA-1:
00c220291b994cbe379589a98fc08c034bcf38d0

SHA-256:
cc607be35b705cc5b45376a978a2adc22953851032209784cc61f60fb487383b

Scanner detections:
13 / 68

Status:
Malware

Analysis date:
12/26/2024 2:37:07 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
TR/Black.Gen2
8.3.3.4

avast!
Win32:Malware-gen
2014.9-160507

AVG
Win32/Blacked
2017.0.2750

Comodo Security
UnclassifiedMalware
24922

ESET NOD32
Win32/Packed.VMProtect.ABO (variant)
10.13433

Fortinet FortiGate
W32/VMProtBad.A!tr
5/7/2016

G Data
Win32.Trojan.Agent.F6FOAR
16.5.25

IKARUS anti.virus
Trojan.Win32.VMProtect
t3scan.2.0.9.0

K7 AntiVirus
Trojan
13.224.19494

McAfee
RDN/Generic.tfr
5600.6406

Qihoo 360 Security
HEUR/QVM36.0.Malware.Gen
1.0.0.1120

Sophos
Mal/VMProtBad-A
4.98

Zillya! Antivirus
Trojan.Packed.Win32.84957
2.0.0.2839

File size:
519 KB (531,456 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\users\{user}\downloads\asshurt.dll

File PE Metadata
Compilation timestamp:
4/26/2016 8:54:58 PM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
12288:UN40KFeud04NwTr+g3gSlRG5YgpyOpuclTcxOyZAJH4d:MN5ud0ow2QlEymDcx/ZWH4d

Entry address:
0x1695BD

Entry point:
9C, C7, 04, 24, 97, 6C, 43, FF, 56, C7, 04, 24, B5, 36, F0, 64, 9C, 8D, 64, 24, 04, E9, B5, DC, 02, 00, 88, 0C, 24, 8D, 64, 24, 04, 0F, 84, 3A, 90, FF, FF, 54, 8D, 64, 24, 04, E9, 57, AE, 02, 00, F5, 3A, 07, E9, 37, 47, 00, 00, B3, 02, 8D, 64, 24, 2C, 9C, FF, 34, 24, 8D, 64, 24, 08, E8, CE, 3B, 00, 00, E9, 6A, 6B, 02, 00, E8, F7, 69, 00, 00, F7, D4, E4, B3, 72, 10, 6E, 13, 5E, 51, 1F, 94, EB, C4, 92, 31, F4, B7, CC, BB, 83, 10, 6A, 25, 47, 44, A6, CD, 9B, 1C, CA, B5, 89, 22, 90, 2F, 9B, 9B, A6, FC, AA, 58...
 
[+]

Entropy:
7.4971

Code size:
169.5 KB (173,568 bytes)

The file asshurt.dll has been seen being distributed by the following 2 URLs.

Remove asshurt.dll - Powered by Reason Core Security