ext.dll

The library ext.dll has been detected as malware by 8 anti-virus scanners. The file has been seen being downloaded from hitboxer.com.
MD5:
1a3852cb97f654ea845057159cf49193

SHA-1:
46690beda6c5cff2fda777eed1a7d93b2dc8e0ee

SHA-256:
c06fc56f8d7acc266472f2025114eeb5c6d477bae12b7a1ef50af69003a2d1af

Scanner detections:
8 / 68

Status:
Malware

Analysis date:
12/25/2024 3:31:43 PM UTC  (today)

Scan engine
Detection
Engine version

avast!
JS:Febiturk-C [Trj]
2014.9-140731

Dr.Web
Trojan.Guncelle.3
9.0.1.0212

F-Secure
Trojan:JS/Kilim.D
11.2014-31-07_5

G Data
Script.Trojan.Agent.6PRYKD
14.7.24

Kaspersky
HEUR:Trojan.Script.Generic
14.0.0.3479

Qihoo 360 Security
Trojan.Generic
1.0.0.1015

Trend Micro House Call
BREX_KILIM.AE
7.2.212

Trend Micro
BREX_KILIM.AE
10.465.31

File size:
2.6 KB (2,650 bytes)

File type:
Dynamic link library (Win64 DLL)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\ext.dll

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
24:C8/lZOsziuVv4D4DbkKxF/vIrO1LgcshGpKqjnWOGQO9M9fs96zCTvfsa:X7hiovxDnmrt2j429KGCbfZ

Entry point:
09, 63, 68, 72, 6F, 6D, 65, 2E, 77, 65, 62, 52, 65, 71, 75, 65, 73, 74, 2E, 6F, 6E, 42, 65, 66, 6F, 72, 65, 52, 65, 71, 75, 65, 73, 74, 2E, 61, 64, 64, 4C, 69, 73, 74, 65, 6E, 65, 72, 28, 0D, 0A, 20, 20, 20, 20, 20, 20, 20, 20, 66, 75, 6E, 63, 74, 69, 6F, 6E, 20, 28, 64, 65, 74, 61, 69, 6C, 73, 29, 20, 7B, 0D, 0A, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 20, 76, 61, 72, 20, 75, 72, 6C, 20, 3D, 20, 64, 65, 74, 61, 69, 6C, 73, 2E, 75, 72, 6C, 3B, 0D, 0A, 20, 20, 20, 20, 20, 20, 20, 20, 20...
 
[+]

Entropy:
3.5256

The file ext.dll has been seen being distributed by the following URL.

Remove ext.dll - Powered by Reason Core Security