rldea.dll

The library rldea.dll has been detected as malware by 13 anti-virus scanners. The file has been seen being downloaded from www.dllfiles.org and multiple other hosts.
MD5:
d930134fcf2d5a95891044e440350536

SHA-1:
5a6d23a9d50c3f87438cdd6df44ca6f7cf364538

SHA-256:
65a1d9024b198adf6cda9a9ff11aa51dd63aa31abb6b43353b3b943a5e5886fa

Scanner detections:
13 / 68

Status:
Malware

Analysis date:
12/26/2024 4:27:20 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AhnLab V3 Security | Win-Trojan/Obfuscator.M.195584 | 2014.01.03 |
| Bkav FE | W32.Clod50c.Trojan | 1.3.0.4613 |
| Comodo Security | UnclassifiedMalware | 17541 |
| IKARUS anti.virus | Trojan.Win32.Pakes | t3scan.2.2.29 |
| K7 AntiVirus | Riskware | 13.174.10720 |
| McAfee | Generic Packed | 5600.7274 |
| Microsoft Security Essentials | VirTool:Win32/Obfuscator.XZ | 1.165.247.01 |
| Norman | Suspicious_Gen4.DEHPW | 11.20131221 |
| Panda Antivirus | Trj/Thed.W | 13.12.21.08 |
| Reason Heuristics | Unnamed.Threat.18 | 14.3.2.10 |
| Rising Antivirus | PE:Trojan.Win32.Generic.15B7096E!364317038 | 23.00.65.131219 |
| Sophos | Mal/Generic-S | 4.96 |
| VIPRE Antivirus | Trojan.Win32.Generic | 25020 |

File size:
191 KB (195,584 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\crack\rldea.dll

File PE Metadata
Compilation timestamp:
2/22/2013 12:00:15 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:NXZDaj4sOoUyhZMDpRBKLZPoCo/74yG2qIiK+fUth7GPj7ku:fyOg0DrBK1QCoD4y/qIiAt6j7X

Entry address:
0x2680

Entry point:
B8, 01, 00, 00, 00, C2, 0C, 00, CC, CC, CC, CC, CC, CC, CC, CC, 55, 8B, EC, 57, 33, C9, 33, D2, 33, FF, 39, 4D, 0C, 76, 2F, 53, FE, C1, 0F, B6, C9, 8A, 1C, 31, 47, 8D, 04, 1A, 0F, B6, D0, 8A, 04, 32, 88, 04, 31, 02, C3, 0F, B6, C0, 88, 1C, 32, 0F, B6, 1C, 30, 8B, 45, 08, 30, 5C, 07, FF, 3B, 7D, 0C, 72, D3, 5B, 5F, 5D, C3, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, E9, 20, 10, 03, 00, 9C, 9C, 8F, 44, 24, 2C, 66, C7, 04, 24, F9, 1A, 68, 88, ED, F6, 7E, FF, 74, 24, 30, 8F, 45, 00, 9C, 66, C7...
 

Code size:
10.5 KB (10,752 bytes)

The file rldea.dll has been seen being distributed by the following 8 URLs.

http://www.dllfiles.org/.../rldea.dll

http://dc414.2shared.com/download/.../rldea.dll?tsid=20150505-212859-c8904892
