instlib.dll

InstLib

NetZone Info-Tech Co., Ltd., Shanghai

The module instlib.dll by NetZone Info-Tech Co., Ltd., Shanghai has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
NETZONE Corp.  (signed by NetZone Info-Tech Co., Ltd., Shanghai)

Product:
InstLib

Version:
6.2.0.2894

MD5:
8c19fbba91f60264ff91d3c3e47f42f4

SHA-1:
8a72aa4ae0f520a2a87400e7b9befc6e65a56dea

SHA-256:
49426ef8fff764107dcdfceb2f5e49efbffd76fb77643129f69e3a69062c5466

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 5:45:30 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Optional.NetZoneI

Engine version:
17.3.2.17

File size:
852.6 KB (873,048 bytes)

Product version:
6.2.0.2894

Copyright:
Copyright (C) NETZONE Corp. 2008-2009

Original file name:
InstLib

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\windows\syswow64\instlib.dll

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
7/25/2014 8:00:00 AM

Valid to:
10/25/2015 7:59:59 AM

Subject:
CN="NetZone Info-Tech Co., Ltd., Shanghai", OU=IT, O="NetZone Info-Tech Co., Ltd., Shanghai", L=Shanghai, S=Shanghai, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2BB3BEA0B887375E383FD6239CB02BDF

File PE Metadata
Compilation timestamp:
6/20/1992 6:22:17 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x11887D

Entry point:
60, E9, FF, 35, 01, 00, 00, 00, 53, 65, 74, 42, 6B, 4D, 6F, 64, 65, 00, 00, 00, 50, 6C, 61, 79, 45, 6E, 68, 4D, 65, 74, 61, 46, 69, 6C, 65, 00, 00, 00, 53, 65, 74, 45, 76, 65, 6E, 74, 00, 29, 55, E8, 29, 55, E4, 8B, 10, C1, EA, 05, 29, 10, E8, A5, 27, 05, 00, F9, 5A, C3, 0F, BD, C0, 83, F9, 04, 60, 9C, 55, 89, C8, 88, 44, 24, 08, 8D, 64, 24, 2C, 0F, 82, F5, FD, FF, FF, 3F, 83, F9, 0A, 9F, 0F, B6, C0, B8, 03, 00, 00, 00, E8, 91, 27, 00, 00, E9, 19, 1E, 05, 00, 0F, 98, C6, C6, C6, 00, 66, 89, 1C, 24, E9, 88...

Entropy:
7.9546

Packer / compiler:
ASProtect v1.1, 0xBRS

Code size:
554.5 KB (567,808 bytes)
