dllfixer.exe

DLL-Files Fixer

Tilf AB

The application dllfixer.exe by Tilf AB has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. This file is typically installed with the program RegCure Pro by ParetoLogic, Inc. The file has been seen being downloaded from fs10n5.sendspace.com and multiple other hosts. While running, it connects to the Internet address dd.e7.25ae.ip4.static.sl-reverse.com on port 80 using the HTTP protocol.
Publisher:
Dll-FIles.Com  (signed by Tilf AB)

Product:
DLL-Files Fixer

Version:
3.0.81.2643

MD5:
af11b6d23604af06d0bf2ab1a1e9159a

SHA-1:
01ce588911b89ca6cf5f2cf87f1f5e5cd86aeeec

SHA-256:
81bc917c3c44a6099b1da73dc3a662e6d2f69f3157407d47def4c87599efb15a

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/5/2024 9:32:11 AM UTC

Scan engine        Detection          Engine version
Reason Heuristics  PUP.DLLFiles (L)   16.9.8.12

File size:
8.5 MB (8,943,552 bytes)

Product version:
3.0.81.2643

Copyright:
Copyright (C) 2012 Dll-FIles.Com. Portions Copyright (C) Systweak Inc. All rights reserved.

Trademarks:
DLL-Files Fixer

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\dll-files.com fixer\dllfixer.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
2/27/2012 3:00:00 AM

Valid to:
2/27/2015 2:59:59 AM

Subject:
CN=Tilf AB, O=Tilf AB, STREET=Norra Vallgatan 20, L=Malmö, S=skane, PostalCode=21125, C=SE

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00BB32FDE7CE2BDCDDEEC9106679A55AB6

File PE Metadata
Compilation timestamp:
4/11/2013 1:34:31 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
98304:sUMr5F/GyBzhayepLTaS/XNteNY9ut69c:sPFOyvpiHaS/mNYfO

Entry address:
0x102B79

Entry point:
E8, A6, A1, 00, 00, E9, 79, FE, FF, FF, 3B, 0D, 30, C7, 63, 00, 75, 02, F3, C3, E9, 28, A2, 00, 00, 8B, FF, 51, C7, 01, 4C, E2, 5D, 00, E8, 20, A3, 00, 00, 59, C3, 8B, FF, 55, 8B, EC, 56, 8B, F1, E8, E3, FF, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, EB, E8, FD, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 83, C1, 09, 51, 83, C0, 09, 50, E8, 58, A3, 00, 00, F7, D8, 59, 1B, C0, 59, 40, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 83, EC, 20, 53, 33, DB, 39, 5D, 14, 75, 20, E8, 99, 45, 00, 00, 53...

Entropy:
6.8681

Code size:
1.8 MB (1,928,704 bytes)

The file dllfixer.exe has been discovered within the following program.

RegCure Pro by ParetoLogic, Inc.
Publisher's description - “RegCure Pro is packed with the tools you need to boost your PC's speed and performance. Featuring an intuitive interface and easy-to-use work flow, RegCure Pro scans common problem areas - and quickly and safely fixes them.”
www.paretologic.com/products/regcurepro

The file dllfixer.exe has been seen being distributed by the following 6 URLs.

https://fs10n5.sendspace.com/dl/5038adc8e966b606d05d132a61764951/584dc0fb1a01eb8e/.../DLLFixer.exe

https://fs10n3.sendspace.com/dl/513dd43d3895fe75cb5b8c66b3648b7a/588c7d4e1df5ec7a/.../DLLFixer.exe

https://fs10n1.sendspace.com/dl/8482930a68018f322d01b9e2f2711f39/580cb7151b63ad19/.../DLLFixer.exe

https://fs10n3.sendspace.com/dl/cb6369dcd7f828752fb42251379dfbd3/57d096193708289f/.../DLLFixer.exe

https://fs10n3.sendspace.com/dl/0b321a1f2738daf046ea06f7a927e8f4/56e9aa1876015c55/.../DLLFixer.exe

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to dd.e7.25ae.ip4.static.sl-reverse.com  (174.37.231.221:80)

TCP (HTTP):
Connects to a0.f0.2bd0.ip4.static.sl-reverse.com  (208.43.240.160:80)

Powered by Reason Core Security