rektware.dll

MD5:
e09890ef30f1337e3511162efc09119a

SHA-1:
079e17240c4e237faa53a56dad7033f0ac3d8858

SHA-256:
dac1130b2fa2074affcf4af196beea2dfbb8e0c5c81ec2295dcf274f33c036aa

Scanner detections:
8 / 68

Status:
Inconclusive (not enough data for an accurate detection)

Analysis date:
12/27/2024 2:21:58 AM UTC

Scan engine | Detection | Engine version
Bkav FE | W32.HfsReno | 1.3.0.8108
ESET NOD32 | Win32/Packed.EnigmaProtector.J suspicious (variant) | 10.13906
F-Prot | W32/Heuristic-162 | v6.4.7.1.166
IKARUS anti.virus | Packer.Enigma | t3scan.2.1.6.0
Qihoo 360 Security | HEUR/QVM38.0.0000.Malware.Gen | 1.0.0.1120
Trend Micro House Call | Possible_Virus | 7.2.223
Trend Micro | Possible_Virus | 10.465.10
Vba32 AntiVirus | TrojanBanker.ChePro | 3.12.26.4

File size:
1.2 MB (1,265,152 bytes)

File type:
Dynamic link library (Win32 DLL)

File PE Metadata
Compilation timestamp:
6/25/2016 8:41:06 AM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
24576:WOUPKhyIhgwLz601nB+VWcfgphrXf0gtUlAAoyrNYEts7ZZ/fGDODWO+W07D:WDPQNpnkVWRrXf0lAOrqEq7ZNya

Entry address:
0x3A94E0

Entry point:
60, E8, 00, 00, 00, 00, 5D, 81, ED, 06, 00, 00, 00, 81, ED, E0, 94, 3A, 00, E9, 4C, 00, 00, 00, 45, 4E, 49, 47, 4D, 41, 04, 00, E0, 07, 08, 00, 01, 00, 06, 00, 20, 00, 02, 00, 3E, DD, C2, C8, 3C, E5, CA, 57, 65, 93, 18, C2, 64, 5E, AF, B7, 70, A6, 8F, AD, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 8A, 84, 24, 28, 00, 00, 00, 80, F8, 01, 0F, 84, 07, 00, 00, 00, 61, 33, C0, 40, C2, 0C, 00, E9, 04, 00, 00, 00...
 

Packer / compiler:
ASPack v1.08.04

Code size:
186.5 KB (190,976 bytes)

The file rektware.dll has been seen being distributed by the following URL.
