asshurt.dll

The library asshurt.dll has been detected as malware by 8 anti-virus scanners. The file has been seen being downloaded from www.dropbox.com and multiple other hosts.
MD5: d8256bf1df62f43282bfa7e2d6e55937
SHA-1: e25190461d41f41d7283850176512c5ffed33fe5
SHA-256: 3f4402a80158e348a4c768ba852a2e21151828672e0233ce37175175c2870ac9
Scanner detections: 8 / 68
Status: Malware
Analysis date: 12/26/2024 2:24:22 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AegisLab AV Signature | Troj.Black.Gen2!c | 2.1.4+ |
| Avira AntiVirus | TR/Black.Gen2 | 8.3.3.2 |
| AVG | Win32/Blacked | 2017.0.2807 |
| Bkav FE | HW32.Packed | 1.3.0.7744 |
| ESET NOD32 | Win32/Packed.VMProtect.ABO (variant) | 10.13165 |
| Qihoo 360 Security | HEUR/QVM36.0.Malware.Gen | 1.0.0.1120 |
| Rising Antivirus | PE:Malware.Generic(Thunder)!1.A1C4 [F] | 23.00.65.16310 |
| Sophos | Mal/VMProtBad-A | 4.98 |

File size: 373 KB (381,952 bytes)
File type: Dynamic link library (Win32 DLL)
Common path: C:\users\{user}\downloads\asshurt.dll

File PE Metadata
Compilation timestamp: 3/11/2016 4:29:18 PM
OS version: 6.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 14.0
CTPH (ssdeep): 6144:iuH/CQWwVcQ132ufCdnhREK0jJyjwLM6H9ly24TI8mkgbTJX922mZ22LzH:iuHp9WQ132ufp1E0M6HCI8mkgbTWZ7zH
Entry address: 0x72557

Entry point:
53, C7, 04, 24, 0B, D3, F1, DF, E8, C5, 17, FD, FF, 8D, 64, 24, 4C, 0F, 84, 81, 20, FD, FF, F8, F7, C6, A2, 45, 3D, 20, 9C, C6, 04, 24, 6D, 2C, 30, 0F, A3, E8, 9C, E9, 74, E9, FF, FF, 82, 94, E2, B6, 68, C7, 29, EA, E9, 77, 4E, 9C, 5A, 14, E0, 55, 9D, E3, 4E, ED, 62, C6, 8A, B9, 77, 97, 32, 6C, 5D, D9, B6, 2A, 0E, A7, 67, 0A, DF, 9A, 6C, C9, 43, 30, 7B, 85, E7, 1A, 53, BF, 58, EA, 5B, 94, 39, B0, BD, 72, AD, 9B, 60, 3B, E1, 0A, BC, AB, C8, A0, 1D, 7A, 1A, BF, C6, C0, 1A, F5, 9F, F6, 13, 59, E1, 56, FF, E9...
 

Entropy: 7.5263
Code size: 109 KB (111,616 bytes)

The file asshurt.dll has been seen being distributed by the following 10 URLs.

https://www.dropbox.com/sh/5k71ezsqk6px1qa/.../asshurt.dll?dl=1
