ExpCLB.dll

ExpCLB

OOO

The module ExpCLB.dll by OOO has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Triasoft Inc.  (signed by OOO )

Product:
ExpCLB

Version:
1.02.0007

MD5:
9d65c615a1806ecd1949576ed060a900

SHA-1:
f2c31a7159169a3205f723c5e7898a3604dabee9

SHA-256:
2a70e97da3941a2ef51eacd493f3667201a93ddad4182388330bfc2ce700dd64

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
12/24/2024 2:21:37 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP (M)
17.3.13.1

File size:
93.5 KB (95,712 bytes)

Product version:
1.02.0007

Copyright:
Copyright (c) 2014 Triasoft Inc.

Original file name:
ExpCLB.dll

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\triasoft\express\expclb.dll

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
3/7/2016 10:00:00 AM

Valid to:
3/8/2019 9:59:59 AM

Subject:
CN="OOO ""TRIASOFT-SERVIS""", O="OOO ""TRIASOFT-SERVIS""", STREET="5, building 23, street 4806, Zelenograd", L=Moscow, S=Moscow, PostalCode=124498, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
09C2413E3B0CACE3E855A2C1A5CADBD6

Registration
CLSID:
{35CB8A20-189E-4EAB-9F9A-5C02E04F9BBE}

ProgID:
ExpCLB.CryptoLib

COM registered:
Yes

File PE Metadata
Compilation timestamp:
6/22/2016 6:57:10 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x1B78

Entry point:
5A, 68, 4C, F4, 00, 11, 68, 50, F4, 00, 11, 52, E9, E9, FF, FF, FF, 00, 00, 00, 40, 00, 00, 00, 30, 00, 00, 00, 38, 00, 00, 00, 00, 00, 00, 00, CB, 6B, 85, 17, 7D, 04, 3D, 40, 9A, AD, B2, B1, 9A, AB, FC, 59, 00, 00, 00, 00, 00, 00, 01, 00, 03, 00, 72, 54, 79, 70, 65, 20, 45, 78, 70, 43, 4C, 42, 00, 47, 00, 53, 54, 5F, 32, 30, 30, 31, 00, 00, 00, 00, 88, 00, 00, 00, 00, 00, 00, 00, 02, 00, 00, 00, 00, 00, 00, 00, 20, 8A, CB, 35, 9E, 18, AB, 4E, 9F, 9A, 5C, 02, E0, 4F, 9B, BE, 04, 00, 00, 00, 98, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual Basic v6.0

Code size:
56 KB (57,344 bytes)

Automation Object
CLSID:
{35CB8A20-189E-4EAB-9F9A-5C02E04F9BBE}

CLSID name:
ExpCLB.CryptoLib


Remove ExpCLB.dll - Powered by Reason Core Security