home

rhws.dll

MD5:
e8c81d7c8d3c3562063b5226b53c4ae7

SHA-1:
99570c409530dabc7a41d59012a0fdc5976b3395

SHA-256:
953f9a8ecab5007f466d65b8a23da9b7e7b47ea1f266a5e6f1e8e210f6024832

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
11/5/2024 4:36:27 AM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
Win32/Packed.VMProtect.ABO trojan
8.0.319.0

File size:
181.5 KB (185,856 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\rhws.dll

File PE Metadata
Compilation timestamp:
6/27/2016 4:19:39 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
3072:XTadj7E313zVwH7LEP9zSZrz0t6t5VuovIxKCm6oKdNbFeBA7m97s:Dads87bZEt6QYIkr6o2NbUBA7mO

Entry address:
0x3D1D9

Entry point:
60, C7, 44, 24, 1C, D6, CE, 58, C8, FF, 34, 24, 68, 2D, 57, CD, 34, E9, 7E, 45, FF, FF, 38, FE, 0F, A3, F7, 30, C0, 66, 0F, A3, C7, F2, AE, 9C, 88, 7C, 24, 04, E8, D7, D5, FF, FF, 27, E8, DF, 8C, 01, 00, 12, F1, B0, BF, A9, ED, BA, 63, 0B, 45, E0, 6B, FD, 8A, 66, 81, 79, B5, 39, 17, CA, 2E, FF, 53, F6, 4F, 22, 96, 1D, 5E, F9, 10, F8, 98, F7, 98, 4E, 23, 76, 8B, F9, E6, CE, 4C, 25, F8, C4, 53, 37, B4, BD, B2, 44, 93, B1, C2, 01, 3A, 36, ED, 83, EC, 48, 61, C9, E1, F6, 7C, 2B, C9, 0A, C5, C4, 2C, 17, 7A, B0...
 
[+]

Code size:
46 KB (47,104 bytes)

The file rhws.dll has been seen being distributed by the following URL.

http://elswordhack.net/wordtrainer/.../rhws.dll

Scan rhws.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.