rld.dll

The module rld.dll has been detected as a potentially unwanted program by 14 anti-malware scanners. The file has been seen being downloaded from dll-rehab.com and multiple other hosts.
MD5: ec3e5125190d76c19ca1c0c9172ac930
SHA-1: ea36323755102105e91c00bca84ae81f098073a5
SHA-256: 530af342b1e1ae608edea277e76848ba01292e3d5ce2731280a285a3ea792a83
Scanner detections: 14 / 68
Status: Potentially unwanted
Analysis date: 12/26/2024 4:29:30 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | Win32:PatchDll-A [PUP] | 2014.9-140819 |
| Baidu Antivirus | HackTool.Win32.Obfuscator | 4.0.3.14819 |
| Bkav FE | W32.Clode0d.Trojan | 1.3.0.4959 |
| ESET NOD32 | Win32/HackTool.Crack.BB (variant) | 8.10246 |
| K7 AntiVirus | Riskware | 13.183.13029 |
| Malwarebytes | Trojan.VirTool | v2014.08.19.07 |
| McAfee | Generic.dx!EC3E5125190D | 5600.7034 |
| Panda Antivirus | Trj/Thed.W | 14.08.19.07 |
| Rising Antivirus | PE:Trojan.Win32.Generic.1386C850!327600208 | 23.00.65.14817 |
| Sophos | Mal/Generic-S | 4.98 |
| Trend Micro House Call | TROJ_SPNR.03L912 | 7.2.231 |
| Trend Micro | TROJ_SPNR.03L912 | 10.465.19 |
| VIPRE Antivirus | Trojan.Win32.Generic | 32168 |
| ViRobot | JS.A.Iframe.449536.A | 2011.4.7.4223 |

File size: 439 KB (449,536 bytes)
File type: Dynamic link library (Win32 DLL)
Common path: C:\users\{user}\appdata\local\temp\{random}.tmp\crack\rld.dll

File PE Metadata
Compilation timestamp: 11/4/2012 10:41:06 PM
OS version: 5.1
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 10.0
CTPH (ssdeep): 12288:hPtQwb9XWTW7TEfNE0dmGUtZpbhDRGY9ceJ6AeL:BtQwBmTMTwVmtpbhDDeeNe
Entry address: 0xD800

Entry point:
B8, 01, 00, 00, 00, C2, 0C, 00, CC, CC, CC, CC, CC, CC, CC, CC, E9, 2B, 57, 05, 00, FF, 74, 24, 48, 8F, 45, 00, 53, 8D, 64, 24, 50, E9, E4, E5, 00, 00, F8, F6, C3, FF, 83, C5, 06, E9, 0B, 18, 00, 00, C6, 44, 24, 04, 84, 9C, 66, 8B, 00, E8, 4C, 01, 00, 00, C6, C6, 55, 9C, 0F, B6, 06, D2, DA, 0F, 91, C2, 66, 0F, BE, D0, D2, DE, 30, D8, F8, 08, E2, D2, EE, 04, F9, 66, 0F, BE, D3, 9C, C0, C8, 04, C0, C2, 04, 10, DE, 0F, 99, C6, 80, F2, 12, F6, D0, 20, DA, C6, 04, 24, D5, 80, C2, C6, C0, D6, 05, 30, C3, 0F, 90...
 

Entropy: 7.7131 (probably packed)
Code size: 64 KB (65,536 bytes)

The file rld.dll has been seen being distributed by the following 2 URLs.

http://dll-rehab.com/.../13999.dll
