libcurlds.dll

The cURL library

LionSea Software co., ltd

libcurl.dll is the cURL library (libcurl) used for transferring data with URL syntax including HTTP. This library is used to plug into C-based applications and is recompiled by LionSea Software co., ltd. The module libcurlds.dll, “libcurl Shared Library” by LionSea Software co., ltd, has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. Note, this is a commonly distributed file and although it has been detected it might not be a threat if uncoupled from its distribution source.

Publisher:
The cURL library, http://curl.haxx.se/  (signed by LionSea Software co., ltd)

Product:
The cURL library

Description:
libcurl Shared Library

Version:
7.23.0

MD5:
08ec68a55d102e758c1ac5025a5f12fb

SHA-1:
b611aa9b395bc5b87e2ae49db2efd56ac35b8c0f

SHA-256:
3fed67ceb8e9a2ed67b52209a4b8f7c1bd1826bb7551cc3809f7176409405ea3

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
This is the cURL library (libcurl) used for transferring data with URL syntax including HTTP. This library is used to plug into C-based applications. While the file itself is not dangerous, it is part of a program that has been detected.

Analysis date:
11/23/2024 2:32:41 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.LionSea (M)

Engine version:
16.8.8.9

File size:
422.4 KB (432,511 bytes)

Product version:
7.23.0

Copyright:
© 1996 - 2011 Daniel Stenberg, <daniel@haxx.se>.

Original file name:
libcurl.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\drivertuner\libcurlds.dll

Digital Signature
Authority:
Symantec Corporation

Valid from:
5/17/2016 5:00:00 PM

Valid to:
7/17/2019 4:59:59 PM

Subject:
CN="LionSea Software co., ltd", O="LionSea Software co., ltd", L=beijing, S=beijing, C=CN

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
59ACFBA6E3C65985E3C197DEF1765A78

File PE Metadata
Compilation timestamp:
6/20/2013 10:40:05 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
10.0

CTPH (ssdeep):
12288:wLNWh36e7PgJJn50frUQeNXECFTng9BcUlM7EBjvrEH7D2:8E6e7PgJJA4QeGCFTnOcUlM7urEH7D2

Entry address:
0x3E349

Entry point:
E9, DC, 41, FF, FF, 83, 7D, 0C, 01, 75, 05, E8, 55, 04, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, CC, FE, FF, FF, 59, 5D, C2, 0C, 00, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 18, 27, 05, 10, 89, 0D, 14, 27, 05, 10, 89, 15, 10, 27, 05, 10, 89, 1D, 0C, 27, 05, 10, 89, 35, 08, 27, 05, 10, 89, 3D, 04, 27, 05, 10, 66, 8C, 15, 30, 27, 05, 10, 66, 8C, 0D, 24, 27, 05, 10, 66, 8C, 1D, 00, 27, 05, 10, 66, 8C, 05, FC, 26, 05, 10, 66, 8C, 25, F8, 26, 05, 10, 66, 8C, 2D, F4, 26, 05, 10, 9C, 8F, 05, 28, 27...
 

Entropy:
7.0308

Packer / compiler:
tElock 0.99 - 1.0 private

Code size:
270.5 KB (276,992 bytes)
