libcurl-4.dll

The library libcurl-4.dll has been detected as malware by 17 anti-virus scanners. Additionally, the file is typically installed by a number of programs including Real Player Auto Crack by Crack Team and PC Data App by Adware.BitCoinMiner. This is a malicious Bitcoin miner. Bitcoin-mining malware is designed to force computers to generate Bitcoins for cybercriminals' use and consumes computing power. The file has been seen being downloaded from flek1.free.fr and multiple other hosts.
MD5: 6f15c32334d2310abf30187d6294eaf5

SHA-1: 4cd819bece131457122a992200bc0e58ce6b8a40

SHA-256: 99356e0620182b9490e2a74ee03f406e155577e7e368ace2922a10d743163ee7

Scanner detections: 17 / 68

Status: Malware

Explanation: The program will mine for BitCoins using the computer's GPU in the background and may be installed and run without the user's knowledge.

Analysis date: 11/15/2024 7:11:48 PM UTC

Scan engine              Detection                      Engine version
Agnitum Outpost          Trojan.Miner                   7.1.1
AhnLab V3 Security       Trojan/Win32.BitMiner          2014.01.03
Bkav FE                  W32.JorikNrgbotK.Trojan        1.3.0.4613
Fortinet FortiGate       W32/FAKELIB.B!tr               12/25/2013
IKARUS anti.virus        Trojan.SuspectCRC              t3scan.2.2.29
K7 AntiVirus             Riskware                       13.174.10720
McAfee                   Artemis!C7AEF9D4CAAD           5600.7270
Norman                   Suspicious_Gen4.EWJTH          11.20131219
Panda Antivirus          Trj/dtcontx.G                  13.12.19.04
Reason Heuristics        Unnamed.Threat.14              14.3.2.12
Sophos                   Mal/Generic-S                  4.96
Trend Micro House Call   TROJ_FAKELIB.B                 7.2.353
Trend Micro              TROJ_FAKELIB.B                 10.465.19
Vba32 AntiVirus          Trojan.Miner                   3.12.24.3
VIPRE Antivirus          Trojan.Win32.Generic           25042
ViRobot                  RiskTool.BitCoinMiner.245795   2011.4.7.4223
XVirus List              Win.Detected                   2.3.31

File size: 240 KB (245,795 bytes)

File type: Dynamic link library (Win32 DLL)

File PE Metadata

Compilation timestamp: 6/7/2013 3:02:09 AM

OS version: 4.0

OS bitness: Win32

Subsystem: Windows Console

Linker version: 2.56

CTPH (ssdeep): 6144:GwwBTxJ64Th0Vvlrpitnrw5k4D9hmUK0Q:OVhTy8VrOJD9VLQ

Entry address: 0x10C0

Entry point:
55, 89, E5, 56, 53, 8B, 5D, 0C, 83, FB, 01, 74, 33, 50, 8B, 45, 10, 50, 53, 8B, 75, 08, 56, E8, BC, 28, 02, 00, 85, DB, 89, C6, 59, 75, 0E, A1, 00, C0, 82, 70, 85, C0, 74, 64, E8, 5F, FF, FF, FF, 8D, 65, F8, 89, F0, 5B, 5E, 5D, C2, 0C, 00, 8D, 74, 26, 00, 83, EC, 0C, 68, 80, 00, 00, 00, E8, 03, 34, 02, 00, 83, C4, 10, A3, 00, C0, 82, 70, 85, C0, 74, 44, C7, 00, 00, 00, 00, 00, A3, 10, C0, 82, 70, E8, 7F, 28, 02, 00, E8, D2, 00, 00, 00, 52, 8B, 45, 10, 50, 6A, 01, 8B, 45, 08, 50, E8, 5A, 28, 02, 00, 89, C6...
 

Packer / compiler: REALbasic

Code size: 142.5 KB (145,920 bytes)

The file libcurl-4.dll has been discovered within the following programs.

PC Data App  by Adware.BitCoinMiner
The software is a Trojan Bitcoin miner that utilizes the open source CGMiner utility. The Trojan Bitcoin miner is an invasive multiple component malware infection. This is a potentially unwanted program that installs malware on the user's PC using the file start.
79% remove it
Real Player Auto Crack  by Crack Team
About 3% of users remove it
 

The file libcurl-4.dll has been seen being distributed by the following 2 URLs.
