» easyanticheat_x86.dll
Overview
Analysis
File Details
Downloads (1)

easyanticheat_x86.dll

EasyAntiCheat

EasyAntiCheat Ltd

The library easyanticheat_x86.dll, “EasyAntiCheat Client” has been detected as malware by 8 anti-virus scanners. The file has been seen being downloaded from sandra.easyanticheat.net.

File name:

Publisher:

EasyAntiCheat Ltd (signed and verified)

Product:

EasyAntiCheat

Description:

EasyAntiCheat Client

Version:

1, 0, 2, 0

MD5:

cc8c919e8b179c85847edc01e8910e3a

SHA-1:

92d345e1bda86abe725250f514ba6eee98f93532

SHA-256:

e43ed235d42f07b1fc1db0d1d8be680fcb865e656c5e519b138d86ffa4ba2864

Scanner detections:

8 / 68

Status:

Malware

Analysis date:

12/27/2024 7:29:41 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Generic.Malware.Fdld.9A8BB157

598

Bitdefender

Generic.Malware.Fdld.9A8BB157

1.0.20.835

Emsisoft Anti-Malware

Generic.Malware.Fdld.9A8BB157

8.15.06.16.11

F-Secure

Generic.Malware.Fdld.9A8BB157

11.2015-16-06_3

G Data

Generic.Malware.Fdld.9A8BB157

15.6.24

IKARUS anti.virus

Virus.SuspectCRC

t3scan.1.8.3.0

MicroWorld eScan

Generic.Malware.Fdld.9A8BB157

16.0.0.501

Trend Micro House Call

Suspicious_GEN.F47V1110

7.2.167

File size:

19 KB (19,488 bytes)

Product version:

1, 0, 2, 0

Original file name:

EasyAntiCheat.dll

File type:

Dynamic link library (Win32 DLL)

Common path:

C:\users\{user}\downloads\easyanticheat_x86.dll

Digital Signature

Signed by:

EasyAntiCheat Ltd

Authority:

GlobalSign nv-sa

Valid from:

4/22/2014 6:15:40 PM

Valid to:

4/17/2015 2:58:00 PM

Subject:

CN=EasyAntiCheat Ltd, O=EasyAntiCheat Ltd, L=Espoo, C=FI

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121FAEE84FA4ADDD304CD007E7E4DBF66C0

File PE Metadata

Compilation timestamp:

10/13/2014 2:35:39 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

CTPH (ssdeep):

384:tFdCYZ2sH8qelAJL3WaWMGVbbIIKpwnLF5uJGYQY:cTAPLGkGhbfgeLFC0Y

Entry address:

0xA410

Entry point:

80, 7C, 24, 08, 01, 0F, 85, B9, 01, 00, 00, 60, BE, 00, 80, 00, 10, 8D, BE, 00, 90, FF, FF, 57, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB... 
[+]

Entropy:

7.4612

Code size:

12 KB (12,288 bytes)

The file easyanticheat_x86.dll has been seen being distributed by the following URL.

http://sandra.easyanticheat.net/.../EasyAntiCheat_x86.dll

Remove easyanticheat_x86.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.