ca2.dll

The library ca2.dll has been detected as malware by 13 anti-virus scanners. The file has been seen being downloaded from engenhariatm.com.
MD5:
d363c346bc628b9e4c4497eaf3aaf5e7

SHA-1:
1fa0612bb2185781f677512a6f88b338643d2a81

SHA-256:
80346d402bc9740c328abc2293558a710587a34ae00080b89fb39341f3ca2243

Scanner detections:
13 / 68

Status:
Malware

Analysis date:
12/26/2024 5:27:38 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Kazy.768565
363

Avira AntiVirus
TR/Kazy.152576.8
8.3.2.4

Arcabit
Trojan.Kazy.DBBA35
1.0.0.624

avast!
Win32:Malware-gen
2014.9-160207

AVG
Win32/Blacked
2017.0.2841

Bitdefender
Gen:Variant.Kazy.768565
1.0.20.190

Bkav FE
HW32.Packed
1.3.0.7383

Emsisoft Anti-Malware
Gen:Variant.Kazy.768565
8.16.02.07.08

F-Secure
Gen:Variant.Kazy.768565
11.2016-07-02_1

G Data
Gen:Variant.Kazy.768565
16.2.25

MicroWorld eScan
Gen:Variant.Kazy.768565
17.0.0.114

Panda Antivirus
Trj/Genetic.gen
16.02.07.08

Qihoo 360 Security
HEUR/QVM36.0.Malware.Gen
1.0.0.1077

File size:
149 KB (152,576 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\ca2.dll

File PE Metadata
Compilation timestamp:
11/5/2015 7:09:30 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:KwMejcSAXcczhzlyabu14Zewgg4WbGzo5V3zoDHobI:KheoYqbu14MLWGoXzobk

Entry address:
0x30F3C

Entry point:
68, 83, F9, 0A, 33, 88, 04, 24, C7, 04, 24, 28, E2, 02, 10, 68, 44, F6, 0F, 90, C7, 04, 24, B1, 9E, E9, 15, 9C, 60, 9C, 66, 89, 5C, 24, 08, 8D, 64, 24, 28, E9, 25, EB, 00, 00, 66, 89, 24, 24, 08, C0, E9, A8, DE, FF, FF, 9C, 88, 44, 24, 10, 9C, 8D, 64, 24, 34, 0F, 83, 14, 4B, 00, 00, 68, 5A, 55, FD, 57, 9C, E8, 34, E6, FF, FF, 83, C1, 01, 60, E8, E9, D3, FF, FF, 99, 39, 7A, 73, BB, 72, F6, A1, 5F, 6F, 69, 7F, 71, B1, BF, 5F, 51, 65, 63, 8D, 8B, 4D, 4B, 85, 83, 25, 26, 05, 06, E5, 81, BB, 41, 4A, C0, B8, 9D...
 
[+]

Code size:
38 KB (38,912 bytes)

The file ca2.dll has been seen being distributed by the following URL.

Remove ca2.dll - Powered by Reason Core Security