home

python27.dll

Metin2 Pro Damage

lalaker1 Development

The module python27.dll has been detected as a potentially unwanted program by 27 anti-malware scanners. The file has been seen being downloaded from www45.zippyshare.com and multiple other hosts.
Publisher:
lalaker1 Development

Product:
Metin2 Pro Damage

Version:
1.0.0.0

MD5:
499fe41bb43f1768c0fc9453ca7cd707

SHA-1:
1be7f79e528051a6c4a1456729069e1f758f8c2b

SHA-256:
76873fe47fa15e518815c431f8006cbd2c704810a8627c4d35d9296b788e52d0

Scanner detections:
27 / 68

Status:
Potentially unwanted

Analysis date:
11/2/2024 7:14:10 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Kazy.578665
617

Agnitum Outpost
Trojan.Agent
7.1.1

Avira AntiVirus
TR/Black.Gen2
8.3.1.6

AVG
Win32/Blacked
2016.0.3095

Baidu Antivirus
PUA.Win32.VMProtect
4.0.3.15528

Bitdefender
Gen:Variant.Kazy.578665
1.0.20.740

Bkav FE
HW32.Packed
1.3.0.6379

Comodo Security
UnclassifiedMalware
22248

Emsisoft Anti-Malware
Gen:Variant.Kazy.578665
8.15.05.28.07

ESET NOD32
Win32/Packed.VMProtect.AAN (variant)
9.11685

Fortinet FortiGate
W32/VMProtBad.A!tr
5/28/2015

F-Secure
Gen:Variant.Kazy.578665
11.2015-28-05_5

G Data
Gen:Variant.Kazy.578665
15.5.25

IKARUS anti.virus
Trojan.Win32.VMProtect
t3scan.1.8.9.0

K7 AntiVirus
Trojan
13.204.16028

Kaspersky
HEUR:Trojan.Win32.Generic
14.0.0.1971

McAfee
GenericR-DEU!499FE41BB43F
5600.6751

MicroWorld eScan
Gen:Variant.Kazy.578665
16.0.0.444

NANO AntiVirus
Trojan.Win32.Black.dljjig
0.30.24.1636

Norman
Troj_Generic.XYFMD
11.20150528

Panda Antivirus
Trj/Genetic.gen
15.05.28.07

Qihoo 360 Security
HEUR/QVM36.0.Malware.Gen
1.0.0.1015

Reason Heuristics
Threat.Win.Reputation.IMP
15.5.28.15

Sophos
Mal/VMProtBad-A
4.98

Trend Micro House Call
TROJ_GEN.R02KC0EAE15
7.2.148

Trend Micro
TROJ_GEN.R02KC0EAE15
10.465.28

VIPRE Antivirus
Trojan.Win32.Generic
40570

File size:
1.9 MB (1,997,824 bytes)

Product version:
1.0.0.0

Copyright:
www.lalaker1.net

Original file name:
ProDamage.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\python27.dll

File PE Metadata
Compilation timestamp:
12/27/2014 6:43:23 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
5.0

CTPH (ssdeep):
49152:JfRwX85QJ42nxZZSPMkbqORdOY51PS2iKmpMJ/jIFMRhgc0C:BQJxzSPMlORkNPE0YgA

Entry address:
0x5A895E

Entry point:
68, 0B, EA, 79, 8F, C7, 04, 24, 1E, 9F, 5A, DC, 9C, 89, 04, 24, C7, 04, 24, F9, F4, A0, F1, 60, 8D, 64, 24, 20, E9, F6, 4E, 1E, 00, 8D, 64, 24, 2C, 0F, 84, AB, F1, 16, 00, D2, E9, F5, 0F, C9, C0, D1, 03, 29, DB, 3F, 60, 89, 5D, FC, F9, 66, 0F, BA, F9, 01, 89, D0, 68, A7, EA, B4, 3C, C1, E8, 10, 8D, 64, 24, 24, F6, D1, 53, 18, D1, D2, DD, 8B, 4E, 04, E9, 8E, 22, 17, 00, 4F, 4C, 45, 33, 32, 2E, 44, 4C, 4C, 00, 66, C1, CB, 02, 66, 0F, BA, FB, 0D, 89, C3, 66, 0F, BA, E6, 01, 9C, 60, 80, 3F, 23, FF, 34, 24, 9C...
 
[+]

Code size:
4.5 MB (4,669,440 bytes)

The file python27.dll has been seen being distributed by the following 2 URLs.

http://www45.zippyshare.com/d/nO6nwPSA/.../ProDamage.dll

http://www45.zippyshare.com/d/nO6nwPSA/.../ProDamage.dll

Remove python27.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.