nstaller.dll

KeePass Library 1.29

Dominik Reichl

The module nstaller.dll has been detected as a potentially unwanted program by 15 anti-malware scanners. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from elegantsoft.ru and multiple other hosts.
Publisher:
Dominik Reichl

Product:
KeePass Library 1.29

Version:
1.29.0.0

MD5:
4fd4197f758eeb6dde0c265388c674ee

SHA-1:
721a664cd5c18c52fa013c73ae000bdf906c437c

SHA-256:
1c898d26bf576711310cf958de94aa12a80736a65b6f7e691bbeb81666a75a0f

Scanner detections:
15 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 6:10:39 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.GenericKD.2835496
458

Agnitum Outpost
Riskware.Agent
7.1.1

AVG
Downloader
2016.0.2936

Baidu Antivirus
PUA.Win32.MediaMagnet
4.0.3.15113

Bitdefender
Trojan.GenericKD.2835496
1.0.20.1535

Emsisoft Anti-Malware
Trojan.GenericKD.2835496
8.15.11.03.12

ESET NOD32
Win32/MediaMagnet.CO potentially unwanted (variant)
9.12504

Fortinet FortiGate
Riskware/MediaMagnet
11/3/2015

F-Secure
Trojan.GenericKD.2835496
11.2015-03-11_3

G Data
Trojan.GenericKD.2835496
15.11.25

K7 AntiVirus
Adware
13.212.17724

McAfee
Artemis!4FD4197F758E
5600.6592

MicroWorld eScan
Trojan.GenericKD.2835496
16.0.0.921

nProtect
Trojan.GenericKD.2835496
15.11.02.01

VIPRE Antivirus
Trojan.Win32.Generic
44964

File size:
701.5 KB (718,336 bytes)

Product version:
1.29.0.0

Copyright:
Copyright (C) 2003-2015 Dominik Reichl

Original file name:
KeePassLibCXX.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\nstaller.dll

File PE Metadata
Compilation timestamp:
10/29/2015 1:52:11 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
1.71

CTPH (ssdeep):
12288:mZV+KNelwMF6GZzG0ojODCCW52txAy8CQBir+57AyDu6j5z5W41Z:eelMh0o+398HBThvDWEZ

Entry address:
0xBE160

Entry point:
80, 7C, 24, 08, 01, 0F, 85, D9, 01, 00, 00, 60, BE, 00, 00, 41, 00, 8D, BE, 00, 10, FF, FF, 57, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46...
 
[+]

Entropy:
7.6535

Code size:
700 KB (716,800 bytes)

The file nstaller.dll has been seen being distributed by the following 2 URLs.

Remove nstaller.dll - Powered by Reason Core Security