home

msuser.dll

Jinnan Wu

The module msuser.dll by Jinnan Wu has been detected as a potentially unwanted program by 2 anti-malware scanners.
Publisher:
Jinnan Wu  (signed and verified)

MD5:
94e2a37a53dc3ab0bae98f573aedc9a4

SHA-1:
5383c9ec31bad6587b8ffef5ad545042035e75b4

SHA-256:
7f598ee3eb51c4d3377ca1f5db01507bdffdb57b4683c200fece476a6200b160

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
11/5/2024 7:40:38 AM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
Win32/ELEX.IM potentially unwanted application
8.0.319.0

Reason Heuristics
Adware.Elex.JinnanWu.Meta (M)
16.6.24.9

File size:
88.8 KB (90,904 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\msuser.dll

Digital Signature
Signed by:
Jinnan Wu

Authority:
thawte, Inc.

Valid from:
6/15/2016 9:00:00 PM

Valid to:
1/17/2017 9:59:59 PM

Subject:
CN=Jinnan Wu, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
4E2606B2C9EA9EF64A37654A8FAC0D71

File PE Metadata
Compilation timestamp:
6/16/2016 12:41:30 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
1536:fvD2+Uj06PdPpmfqcBvl8sWjcdu+b7onm2HZvbbEW:fvDy061PY5tju+b7om2lbbR

Entry address:
0x2973

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, C9, 1D, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, F8, 07, 01, 10, E8, 4E, 0E, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 20, 2F, 01, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, 1C, B2, 00, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
37 KB (37,888 bytes)

Remove msuser.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.