resconfig.dll

载鸿贸易(上海)有限公司

The module resconfig.dll by 载鸿贸易(上海)有限公司 has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
载鸿贸易(上海)有限公司  (signed and verified)

MD5:
74ecb1371d090a14afda47b4aca2dc08

SHA-1:
35ab6b09598ebe2b1aa84cfbb5efa4349deb4c7b

SHA-256:
9b95e206580c68420ee1d01188e8ab83e603e5be66aca46eb7d04eb6eeadf396

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
1/13/2025 4:16:31 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.ShanghaiZaiheNetworkTechnologyCo

Engine version:
16.6.12.3

File size:
164.1 KB (168,008 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\users\{user}\appdata\local\sq\1.0.2\resconfig.dll

Digital Signature
Authority:
WoSign CA Limited

Valid from:
12/3/2015 9:46:36 PM

Valid to:
12/3/2017 9:46:36 PM

Subject:
CN=载鸿贸易(上海)有限公司, O=载鸿贸易(上海)有限公司, L=上海市, S=上海市, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
2BDD19C54B3A82C664EBB50815E72D83

File PE Metadata
Compilation timestamp:
4/2/2015 7:02:48 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:tt/chO2P9dFsgFM80HkXs6EWgBAj5FVgpHfr5ZghXMHlx1xRTCzT:tt/chO2FdFsGEos6rnjHVoHfr5GhXMFQ

Entry address:
0xB59B

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, B0, 5B, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, 8B, FF, 55, 8B, EC, 51, 53, 56, 8B, 35, 94, E0, 01, 10, 57, FF, 35, 88, 88, 02, 10, FF, D6, FF, 35, 84, 88, 02, 10, 8B, D8, 89, 5D, FC, FF, D6, 8B, F0, 3B, F3, 0F, 82, 81, 00, 00, 00, 8B, FE, 2B, FB, 8D, 47, 04, 83, F8, 04, 72, 75, 53, E8, F8, 5B, 00, 00, 8B, D8, 8D, 47, 04, 59, 3B, D8, 73, 48, B8, 00, 08, 00, 00, 3B, D8, 73, 02, 8B, C3, 03, C3, 3B, C3, 72, 0F, 50, FF...

Entropy:
6.5362

Code size:
113 KB (115,712 bytes)
