topovl.dll

The library topovl.dll has been detected as malware by 7 anti-virus scanners. The file has been seen being downloaded from doc-00-7g-docs.googleusercontent.com and multiple other hosts.
MD5:
e35dcad2b75aace3e309937dbd86d5df

SHA-1:
42cbeef4cd3c51da04d82fbdcc2c6df60c8e5685

SHA-256:
b2f239d99f6960df30cf5b3567f020e24404a0e9fa39a9e39b0629c77be1b5b6

Scanner detections:
7 / 68

Status:
Malware

Analysis date:
12/26/2024 12:04:38 PM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
TR/Rogue.1262757
7.11.214.168

F-Prot
W32/Heuristic-KPP
v6.4.7.1.166

IKARUS anti.virus
Trojan.Rogue
t3scan.1.8.6.0

McAfee
Artemis!DE4A7A108F4E
5600.6829

Panda Antivirus
Trj/CI.A
15.03.12.10

Sophos
Mal/Generic-S
4.98

VIPRE Antivirus
RiskTool.Win32.ProcessPatcher.Sml!cobra
38208

File size:
11.1 KB (11,325 bytes)

File type:
Dynamic link library (Win64 DLL)

Common path:
C:\users\{user}\downloads\topovl.dll

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
192:8+zdnPyezka3gKH9+lEnwdUD2LKpZ0NcpZ2PBfv5cNHKkNQ3Cr+GyU6mJXESs1Xo:thPyezkaX+l+w+pZ0NiZ201u3CryUnJl

Entry point:
50, 4B, 03, 04, 14, 00, 00, 00, 08, 00, 3B, 6A, E2, 42, D8, 17, 60, F2, B4, 13, 00, 00, 00, 28, 00, 00, 0B, 00, 00, 00, 6F, 76, 6C, 2D, 69, 6E, 6A, 2E, 65, 78, 65, ED, 5A, 79, 58, 5B, 45, 10, DF, 84, 50, 53, 04, 41, 25, 5A, EF, 14, A9, B7, 98, 83, 84, 1C, 80, 41, 89, 52, 85, 9A, 12, 0A, 55, 8B, 69, 48, 1E, 24, 31, 97, 2F, EF, 29, F8, 79, B4, 52, D4, 18, F1, 3E, 3F, 4F, C4, FB, F3, F3, 3E, F0, A6, A2, 52, B5, 6A, BF, 7A, 55, AD, 8A, 8A, 9A, 4A, 55, BC, 51, B1, CF, DF, EE, 4B, 80, 7A, 7F, 9F, FA, 8F, BA, ED...
 
[+]

The file topovl.dll has been seen being distributed by the following 2 URLs.

Remove topovl.dll - Powered by Reason Core Security