GvnvpIo.dll

The library GvnvpIo.dll has been detected as malware by 23 of 68 anti-virus scanners. The file has been observed being downloaded from www.go890.com.

MD5:
94b7738c0020bac1992b7be3f0eb15cc

SHA-1:
b70c207a1fbacbabb07d2acb92f94e3314bbfa2f

SHA-256:
fbafa831b2f7e5a419a8dd20426c3365e005c1c320e120536392baf1e2590f3f

Scanner detections:
23 / 68

Status:
Malware

Analysis date:
11/5/2024 10:00:58 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Trojan.Downloader.bm4fa0YVYzib | 252 |
| Avira AntiVirus | TR/Dldr.Delphi.Gen | 8.3.3.4 |
| Arcabit | Trojan.Downloader.bm4fa0YVYzib | 1.0.0.688 |
| avast! | Win32:Malware-gen | 2014.9-160527 |
| AVG | Win32/DH | 2017.0.2730 |
| Baidu Antivirus | Win32.Backdoor.Yobdam | 4.0.3.16527 |
| Bitdefender | Gen:Trojan.Downloader.bm4fa0YVYzib | 1.0.20.740 |
| Comodo Security | TrojWare.Win32.TrojanDownloader.Dadobra.~JH9 | 25109 |
| Emsisoft Anti-Malware | Gen:Trojan.Downloader.bm4fa0YVYzib | 8.16.05.27.07 |
| F-Prot | W32/S-85218be6 | v6.4.7.1.166 |
| F-Secure | Gen:Trojan.Downloader.bm4fa0YVYzib | 11.2016-27-05_6 |
| G Data | Gen:Trojan.Downloader.bm4fa0YVYzib | 16.5.25 |
| IKARUS anti.virus | Trojan-PWS.Win32.OnLineGames.FR | t3scan.2.0.9.0 |
| K7 AntiVirus | Riskware | 13.226.19724 |
| Kaspersky | HEUR:Trojan-Downloader.Win32.Generic | 14.0.0.146 |
| Malwarebytes | Trojan.Dropper.PGen | v2016.05.27.07 |
| McAfee | Artemis!94B7738C0020 | 5600.6386 |
| MicroWorld eScan | Gen:Trojan.Downloader.bm4fa0YVYzib | 17.0.0.444 |
| NANO AntiVirus | Trojan.Win32.Delphi.ecnjgs | 1.0.30.8482 |
| Qihoo 360 Security | HEUR/QVM37.0.Malware.Gen | 1.0.0.1120 |
| Rising Antivirus | Malware.Undefined!8.C-39G0zXkKOD (Cloud) | 23.00.65.16525 |
| Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.4 |
| Zillya! Antivirus | Downloader.bm4faKyQgSpb.Win32.1 | 2.0.0.2891 |

File size:
25.5 KB (26,112 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\gvnvpio.dll

File PE Metadata
Compilation timestamp:
6/20/1992 6:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
768:1qlCfjaTTbROC+3LFjAFzR91FVebh4jNMXBscp:wl2afB+7FjIR97V2hlX

Entry address:
0xF6FA

Entry point:
B8, 4C, FF, 40, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, 00, 00, 00, BC, 1E, 00, 00, 08, 00, 00, 18, 58, 00, 60, 8B, 74, 24, 24, 8B, 7C, 24, 28, FC, AD, 33, C9, 85, C0, 74, 11, E0, 00, 1C, 00, 33, D2, 8D, 1C, 38, A4, B1, 03, E8, 72, 00, 73, F6, 3B, FB, 0F, 83, 85, 00, 53, 55, 57, 08, 5C, 00, 00, 33, DB, 43, 33, ED, 8B, C3, 8D, 7C, 1D, 00, 8B, EB, 8B, DF, E8, 51, F1, 00, E4, 2C, 00, 8D, 5C, 3D, 00, 03, C7, 8B, EF, E8, 42, E2...
 

Entropy:
7.3769

Packer / compiler:
PECompact v2

Code size:
28.5 KB (29,184 bytes)

The file GvnvpIo.dll has been seen being distributed by the following URL.
