home

libcurlds.dll

The cURL library

LionSea Software co., ltd

libcurl.dll is the cURL library (libcurl) used for transferring data with URL syntax including HTTP. This library is used to plug into C-based applictaions and is recompiled by LionSea Software co., ltd. The module libcurlds.dll, “libcurl Shared Library” by LionSea Software co., ltd has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. Note, this is a common distributed file and although it has been detected it might not be a threat is un-coupled from its distribution source.
Publisher:
The cURL library, http://curl.haxx.se/  (signed by LionSea Software co., ltd)

Product:
The cURL library

Description:
libcurl Shared Library

Version:
7.23.0

MD5:
08ec68a55d102e758c1ac5025a5f12fb

SHA-1:
b611aa9b395bc5b87e2ae49db2efd56ac35b8c0f

SHA-256:
3fed67ceb8e9a2ed67b52209a4b8f7c1bd1826bb7551cc3809f7176409405ea3

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
This is the cURL library (libcurl) used for transferring data with URL syntax including HTTP. This library is used to plug into C-based applictaions. While the file itself is not dangerous, it is part of a program that has been detected.

Analysis date:
11/23/2024 2:32:41 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.LionSea (M)
16.8.8.9

File size:
422.4 KB (432,511 bytes)

Product version:
7.23.0

Copyright:
ゥ 1996 - 2011 Daniel Stenberg, <daniel@haxx.se>.

Original file name:
libcurl.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\drivertuner\libcurlds.dll

Digital Signature
Signed by:
LionSea Software co., ltd

Authority:
Symantec Corporation

Valid from:
5/17/2016 5:00:00 PM

Valid to:
7/17/2019 4:59:59 PM

Subject:
CN="LionSea Software co., ltd", O="LionSea Software co., ltd", L=beijing, S=beijing, C=CN

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
59ACFBA6E3C65985E3C197DEF1765A78

File PE Metadata
Compilation timestamp:
6/20/2013 10:40:05 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
10.0

CTPH (ssdeep):
12288:wLNWh36e7PgJJn50frUQeNXECFTng9BcUlM7EBjvrEH7D2:8E6e7PgJJA4QeGCFTnOcUlM7urEH7D2

Entry address:
0x3E349

Entry point:
E9, DC, 41, FF, FF, 83, 7D, 0C, 01, 75, 05, E8, 55, 04, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, CC, FE, FF, FF, 59, 5D, C2, 0C, 00, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 18, 27, 05, 10, 89, 0D, 14, 27, 05, 10, 89, 15, 10, 27, 05, 10, 89, 1D, 0C, 27, 05, 10, 89, 35, 08, 27, 05, 10, 89, 3D, 04, 27, 05, 10, 66, 8C, 15, 30, 27, 05, 10, 66, 8C, 0D, 24, 27, 05, 10, 66, 8C, 1D, 00, 27, 05, 10, 66, 8C, 05, FC, 26, 05, 10, 66, 8C, 25, F8, 26, 05, 10, 66, 8C, 2D, F4, 26, 05, 10, 9C, 8F, 05, 28, 27...
 
[+]

Entropy:
7.0308

Packer / compiler:
tElock 0.99 - 1.0 private

Code size:
270.5 KB (276,992 bytes)

Remove libcurlds.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.