raredor.dll

MD5:
b26a3f2bdda928abb2154c73e9012326

SHA-1:
8e710d69e4abb64d36b56d1b3f0dae065917d1ca

SHA-256:
ef4b980a040ca511b3c318d4910253c92a7e0d8a1b2b3a630eebdfc360cf7930

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
11/5/2024 4:27:11 AM UTC  (today)

Scan engine:
ESET NOD32

Detection:
Win32/Packed.VMProtect.ABO trojan

Engine version:
7.0.302.0

File size:
179 KB (183,296 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\raredor.dll

File PE Metadata
Compilation timestamp:
6/28/2016 5:10:05 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
3072:EH3i/+3HPSlx+MUs4kn3sIuXbPx9kWOVuuSARzX5sJPkGAeJpIYF3j7EUCpYcqqp:EH/YZUsvshrkbYuSARzpsJPRHJ/F3RBc

Entry address:
0x36BF3

Entry point:
0F, 88, 4A, D9, FF, FF, 60, C7, 44, 24, 04, CA, 6B, 06, E4, 9C, C7, 44, 24, 20, 20, A2, FF, 04, 68, 66, F1, 72, 99, 89, 1C, 24, FF, 74, 24, 10, C7, 44, 24, 24, 82, C7, 22, BD, 60, 66, C7, 44, 24, 08, 8D, 03, 9C, 9C, 8D, 64, 24, 4C, E9, 2B, DD, 01, 00, E9, 3B, 85, 01, 00, 84, 6A, 27, 44, 75, C4, 94, E7, C8, A5, DF, 8C, E6, 04, E1, 0B, EC, 01, FF, E9, EA, FF, EF, F0, 70, F8, 5F, 0F, 90, CD, 43, 83, 6B, FF, 27, 27, 52, D7, BD, 39, 9A, 5E, 0A, D8, DE, 7B, 58, 86, 4D, 12, 11, 66, 4D, 2E, 3F, 80, D7, C2, F9, F6...
 

Entropy:
7.8146  (probably packed)

Code size:
46 KB (47,104 bytes)

The file raredor.dll has been seen being distributed by the following URL.
