htrh.dll

MD5:
58b55963bc4c4df7e3b2130bb5198827

SHA-1:
440d7457fd302307037d98ee26dae87c57f83082

SHA-256:
add7350d05ac14c029e50deb235e08ba7e894d213a8ccbd2ec0a049750cb75c1

Scanner detections:
3 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
11/5/2024 4:27:23 AM UTC  (today)

Scan engine | Detection | Engine version
ESET NOD32 | Win32/Packed.Themida suspicious application | 8.0.319.0
F-Secure | Variant.Razy.57956 | 5.15.96
Norman | Gen:Variant.Razy.57956 | 28.05.2016 15:32:18

File size:
2.5 MB (2,590,720 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\htrh.dll

File PE Metadata
Compilation timestamp:
6/23/2016 6:29:45 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:4g6No4dRGXMRlLBLGurE49QeWm3s8ORvY:H6No4dRgMRbLL99Qw8

Entry address:
0x28A000

Entry point:
EB, 08, 0F, 66, 27, 00, 00, 00, 00, 00, E9, 00, 20, 00, 00, 54, 41, 47, 47, 00, 20, 00, 00, 1E, 1B, 00, 00, 01, 00, 30, 82, 1B, 1A, 06, 09, 2A, 86, 48, 86, F7, 0D, 01, 07, 02, A0, 82, 1B, 0B, 30, 82, 1B, 07, 02, 01, 01, 31, 09, 30, 07, 06, 05, 2B, 0E, 03, 02, 1A, 30, 82, 0F, 21, 06, 09, 2A, 86, 48, 86, F7, 0D, 01, 07, 01, A0, 82, 0F, 12, 04, 82, 0F, 0E, D0, 00, 01, 00, 01, C1, B1, A1, 02, 00, 03, 00, 07, 00, 00, 00, 26, 00, 00, 00, 01, 00, 5F, D6, B6, A0, 6E, 30, 46, 51, BF, 9D, 06, CE, 23, 67, E8, 8B, A4...
 

Code size:
47.5 KB (48,640 bytes)

The file htrh.dll has been seen being distributed by the following URL.
