instlib.dll

InstLib

NetZone Info-Tech Co., Ltd., Shanghai

The module instlib.dll by NetZone Info-Tech Co., Ltd., Shanghai has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
NETZONE Corp.  (signed by NetZone Info-Tech Co., Ltd., Shanghai)

Product:
InstLib

Version:
8.2.0.3120

MD5:
95db210ee9af6a21d45cb215a0512515

SHA-1:
878e676cb2d6a0527073f324194fc4eba84c5e1f

SHA-256:
ce2479d6f6eaf8e6a418ee83fe77d04550384ad8594842a0b546c5ae62604884

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 6:33:25 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Optional.NetZoneI

Engine version:
17.2.3.6

File size:
870.7 KB (891,552 bytes)

Product version:
8.2.0.3120

Copyright:
Copyright (C) NETZONE Corp. 2008-2009

Original file name:
InstLib

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\windows\syswow64\instlib.dll

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
10/19/2015 8:00:00 AM

Valid to:
11/18/2016 7:59:59 AM

Subject:
CN="NetZone Info-Tech Co., Ltd., Shanghai", OU=研发部, O="NetZone Info-Tech Co., Ltd., Shanghai", L=Shanghai, S=Shanghai, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
53E901A1F94C2C43445BF53135DE579A

File PE Metadata
Compilation timestamp:
6/20/1992 6:22:17 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x1F475C

Entry point:
E8, 04, D6, FF, FF, 00, 00, 53, 65, 74, 53, 63, 72, 6F, 6C, 6C, 52, 61, 6E, 67, 65, 00, E9, 31, 7D, F4, FF, 2A, 93, F3, 9D, 69, A2, 7B, F0, 93, 2B, 99, 25, 8C, 55, 4D, 90, FD, D4, 5F, 7B, 78, 49, ED, 09, D7, 01, B4, EA, EF, B9, 47, 09, FC, 67, 8B, 9A, 0B, 5E, AB, 23, 6D, AF, DD, 07, B4, 6A, 0C, AE, 22, 9A, 30, 8B, 0E, B6, 29, 91, 2C, B2, B1, 61, 75, 4F, 63, 56, DE, BC, 6F, 55, 1C, 69, F4, 93, 9B, 00, 91, ED, FA, B1, 61, 4D, 75, 18, 9F, FA, 87, FF, B1, 73, A7, A1, 03, 69, 57, 54, 83, 3D, 98, 91, 86, 69, 2E...
 

Entropy:
7.9564  (probably packed)

Code size:
601.5 KB (615,936 bytes)
