blackhawk-warzone.dll

The library blackhawk-warzone.dll has been detected as malware by 4 anti-virus scanners. The file has been seen being downloaded from dc224.4shared.com.
MD5:
a79f0846b921fe3f3131367529bfc605

SHA-1:
7849cac055e23877e36be3bef93cc47c94f8b388

SHA-256:
418fc558d3772de4b45613fff648d405bbaf32b9960f7f79c24b38d280f2dd86

Scanner detections:
4 / 68

Status:
Malware

Analysis date:
12/29/2024 9:37:09 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Malware-gen
160518-2

Emsisoft Anti-Malware
Gen:Trojan.Heur.cyzcJKJL8vfi
16.07.02

F-Prot
W32/Heuristic-162!Eldorado (not disinfectable)
4.6.5.141

VIPRE Antivirus
Threat.4726955
50318

File size:
35.5 KB (36,372 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\users\{user}\downloads\blackhawk-warzone.dll

File PE Metadata
OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

CTPH (ssdeep):
768:MlvfN7elXQyZVWVfFGz+3xmv8DQpVqxieq:qvf8QgsFGz2K8DoVYieq

Entry address:
0x140D4

Entry point:
EB, 01, 68, 60, E8, 00, 00, 00, 00, 8B, 1C, 24, 83, C3, 12, 81, 2B, E8, B1, 06, 00, FE, 4B, FD, 82, 2C, 24, 17, E6, 46, 00, 0B, E4, 74, 9E, 75, 01, C7, 81, 73, 04, D7, 7A, F7, 2F, 81, 73, 19, 77, 00, 43, B7, F6, C3, 6B, B7, 00, 00, F9, FF, E3, C9, C2, 08, 00, A3, 68, 72, 01, FF, 5D, 33, C9, 41, E2, 17, EB, 07, EA, EB, 01, EB, EB, 0D, FF, E8, 01, 00, 00, 00, EA, 5A, 83, EA, 0B, FF, E2, EB, 04, 9A, EB, 04, 00, EB, FB, FF, E8, 02, 00, 00, 00, A0, 00, 5A, 81, EA, 45, 41, 01, 00, 83, EA, FE, 89, 95, A9, 57, 40...
 
[+]

Packer / compiler:
PE Spin v0.4x

Code size:
19 KB (19,456 bytes)

The file blackhawk-warzone.dll has been seen being distributed by the following URL.

Remove blackhawk-warzone.dll - Powered by Reason Core Security