Fb2kShellExt.dll

foobar2000

Peter Pawlowski

The file Fb2kShellExt.dll, “foobar2000 shell extension” has been detected as a potentially unwanted program by 6 anti-malware scanners. The file has been seen being downloaded from downloadcloud.ru.
Publisher:
Peter Pawlowski

Product:
foobar2000

Description:
foobar2000 shell extension

Version:
1.0.0.7

MD5:
4a85bc1b3f3e058844721a80e4b24b37

SHA-1:
1ce3d1e484b555269fe47eea87ee27d5cd235f88

SHA-256:
3ef54e0757ca071bf8a9a74a6ae811e24c3546b6fa5768d83003cc0790f1b5f0

Scanner detections:
6 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 6:03:37 PM UTC

Scan engine              Detection                                              Engine version
Lavasoft Ad-Aware        Trojan.GenericKD.2725868                               5719984
Emsisoft Anti-Malware    Trojan.GenericKD.2725868                               10.0.0.5366
ESET NOD32               Win32/MediaMagnet.CF potentially unwanted application  7.0.302.0
F-Secure                 Trojan.GenericKD.2725868                               5.14.151
Norman                   Trojan.GenericKD.2725868                               04.08.2015 10:30:46
VIPRE Antivirus          Threat.4150696                                         43152

File size:
546 KB (559,104 bytes)

Product version:
0.9.7

Copyright:
(c) Peter Pawlowski. All rights reserved.

Original file name:
Fb2kShellExt.dll

Common path:
C:\users\{user}\appdata\local\temp\4a58.tmp

File PE Metadata
Compilation timestamp:
9/14/2015 5:07:54 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
1.71

CTPH (ssdeep):
12288:J3WEwGYH7lzs0fuvKIuYrx7aUWUvyrbotVnFLPDno:JpwXHa0m4YHFtVhPzo

Entry address:
0x94D90

Entry point:
80, 7C, 24, 08, 01, 0F, 85, D9, 01, 00, 00, 60, BE, 00, 40, 41, 00, 8D, BE, 00, D0, FE, FF, 57, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46...

Code size:
516 KB (528,384 bytes)

The file Fb2kShellExt.dll has been seen being distributed by the following URL.

Remove Fb2kShellExt.dll - Powered by Reason Core Security