» dllhost.exe..
Overview
Analysis
File Details
Behaviors (1)
Downloads (1)

dllhost.exe..

時況さま桜花桜期の桜のるら知開花花期さ桜る期れ開れ花発らの

花せ時花ま発知され桜況まられ開ま花開開知ま時表れ花らら開況

The file dllhost.exe.., “Windows Logon Application” has been detected as malware by 6 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘f1d7bcbf5b2969d1b6cfb0327d2946ac’. The file has been seen being downloaded from exeupp.com.

File name:

dllhost.exe..

Publisher:

花せ時花ま発知され桜況まられ開ま花開開知ま時表れ花らら開況

Product:

時況さま桜花桜期の桜のるら知開花花期さ桜る期れ開れ花発らの

Description:

Windows Logon Application

Version:

24.26.99.24

MD5:

33464d612905a7e063242c628b289564

SHA-1:

237725cc981d0e14419d226983eed22a14b950cc

SHA-256:

62ac4663ea108246ebb7129066508e3cf33da0b58872ed31617815d20fbd5ac0

Scanner detections:

6 / 68

Status:

Malware

Analysis date:

11/27/2024 10:28:33 PM UTC (today)

Scan engine

Detection

Engine version

avast!

MSIL:Agent-AOL [Trj]

160215-2

Emsisoft Anti-Malware

Gen:Variant.Barys.12028

11.5.0.6191

ESET NOD32

MSIL/Bladabindi.AH worm

7.0.302.0

F-Secure

Variant.Barys.12028

5.15.21

Microsoft Security Essentials

Threat.Undefined

1.215.494.0

Norman

Gen:Variant.Barys.12028

29.02.2016 05:46:54

File size:

126.5 KB (129,536 bytes)

Product version:

24.26.99.24

るま況期況さ時れを開表桜期時開発桜まま開期れ桜せ桜状桜桜さ

Trademarks:

さ開花る況の期開期発表桜さ開桜表表桜花知の知まれ知を花時開

Original file name:

Microsoft Corporation.exe

Language:

Language Neutral

Common path:

C:\Documents and Settings\{user}\Application data\dllhost.exe..

File PE Metadata

Compilation timestamp:

3/6/2016 2:00:24 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

1536:pl2VTKGePryjgzd+pgjkYkY7dh983Ye5wQFCwfH/85:suGir+2sgbtdh9te5F/85

Entry address:

0x10456

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

57.5 KB (58,880 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

f1d7bcbf5b2969d1b6cfb0327d2946ac

Command:

"C:\Documents and Settings\{user}\Application data\dllhost.exe"..

The file dllhost.exe.. has been seen being distributed by the following URL.

https://exeupp.com/.../Pro_Fac_Hacker.2.v1.exe

Remove dllhost.exe.. - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.