home

ewar.dll

MD5:
dfbb6b6bead4cd320eba71d802016d6a

SHA-1:
4d225828522dfe377636ef5464506fd61ec9d4a3

SHA-256:
1c6acb944751b6a873d62918b3d9c7356a3d2e1e0ec5b3e076bf4fba35a1f925

Scanner detections:
4 / 68

Status:
Clean  (4 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:
4/4/2025 2:52:22 AM UTC  (today)

Scan engine
Detection
Engine version

AVG
Win32/Blacked
2015.0.4604

Emsisoft Anti-Malware
Gen:Trojan.Heur.GM.0400460010
11.5.0.6191

ESET NOD32
Win32/Packed.VMProtect.ABO trojan
7.0.302.0

Norman
Gen:Trojan.Heur.GM.0400460010
28.05.2016 13:03:37

File size:
178.5 KB (182,784 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Documents and Settings\{user}\Local settings\temporary internet files\content.ie5\{random}\ewar.dll

File PE Metadata
Compilation timestamp:
6/27/2016 3:53:27 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
3072:anvuYRVhb81opNAR854supZLXPiyIKUfRbxvweDAgbpO5jzBfDA8AaRLae:QR3mUyR85i1fiypkx4eMiO5vT

Entry address:
0x4491C

Entry point:
68, F0, 25, 5A, BB, E8, 96, 53, FF, FF, D6, 6B, 95, 78, 78, 89, 47, 40, DA, 30, 8E, CC, 4B, AA, 45, FF, B5, F1, EF, 7F, 73, 64, 95, 85, 9B, C9, 16, 04, B5, 02, C0, 70, 25, 38, DE, 81, 05, 3D, A1, EF, 4F, 54, E3, 6B, 87, 10, D3, C2, CE, 96, 4C, 83, 61, 79, 19, 67, 94, CE, 2E, 3F, A8, 03, 57, 72, F6, FE, 0D, AC, C6, 48, 57, B5, D8, E9, 89, 61, 9E, 60, AB, 47, BE, 3A, C3, 6B, BE, 72, 7C, 70, 76, 1A, 7B, 1C, F1, 87, 4A, A0, 1D, 3F, EF, 11, 8E, 2B, 63, CF, AB, 49, D1, F3, A8, 57, 73, 69, DA, 84, 74, 20, F9, 60...
 
[+]

Code size:
47.5 KB (48,640 bytes)

The file ewar.dll has been seen being distributed by the following URL.

http://elswordhack.net/wordtrainer/.../ewar.dll

Scan ewar.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.