home

memcheck.dll

MD5:
4ebe482681590dc8d5ae33cbadd53251

SHA-1:
ac1d1d8791253c00e093f2def45307d159f23222

SHA-256:
3ca64007ae456804b47f6ecb19c88662c42613c864fce38e97168a0f4be56344

Scanner detections:
2 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
11/8/2024 7:49:28 PM UTC  (today)

Scan engine
Detection
Engine version

Kaspersky
HEUR:Trojan.Win32.Generic
14.0.0.58

Qihoo 360 Security
HEUR/QVM30.1.0000.Malware.Gen
1.0.0.1120

File size:
71 KB (72,704 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\users\{user}\downloads\memcheck.dll

File PE Metadata
Compilation timestamp:
6/13/2016 6:07:42 PM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
1536:hBdnJEDQlqCSkNyHYQ3D/2sW9jcd2pjnluPV1x:hIQ4CSK6DcS21luPV1x

Entry address:
0x18FF

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 8B, 04, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, B1, FE, FF, FF, 83, C4, 0C, 5D, C2, 0C, 00, 55, 8B, EC, EB, 1F, FF, 75, 08, E8, 8D, 1E, 00, 00, 59, 85, C0, 75, 12, 83, 7D, 08, FF, 75, 07, E8, 15, 08, 00, 00, EB, 05, E8, F1, 07, 00, 00, FF, 75, 08, E8, 04, 1F, 00, 00, 59, 85, C0, 74, D4, 5D, C3, 55, 8B, EC, 6A, 00, FF, 15, 28, B0, 00, 10, FF, 75, 08, FF, 15, 24, B0, 00, 10, 68, 09, 04, 00, C0, FF, 15, 2C, B0, 00, 10, 50, FF, 15, 30, B0, 00, 10, 5D, C3, 55, 8B...
 
[+]

Entropy:
6.2198

Developed / compiled with:
Microsoft Visual C++

Code size:
39.5 KB (40,448 bytes)

The file memcheck.dll has been seen being distributed by the following 6 URLs.

https://www.dropbox.com/s/.../memcheck (1).dll?dl=1&_download_id=881276280193502173982442505940531204098858364358406860654168085&_notify_domain=www.dropbox.com

https://cdn.discordapp.com/attachments/183336280644386816/.../memcheck.dll

https://cdn.discordapp.com/attachments/192268294042943489/.../memcheck.dll

https://fs13n3.sendspace.com/dl/1d4e7ac7174554cea5aafdd99f27397a/57613da45bf11919/.../memcheck.dll

http://www.filedropper.com/.../filedownload.php?id=memcheck

https://fs13n3.sendspace.com/dl/d60397f2c93a03c3d0a256143e7c6625/576054ba7e789108/.../memcheck.dll

Scan memcheck.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.