home

wf1.dll

MD5:
655c0669e1edfae44eb4459b7d49bed3

SHA-1:
46481f4b502d711852e89e51eb061d344eb7e0ba

SHA-256:
0317b412de20d9c0296f8d68df8f885ad8737661cc174bd1436b28cb7e024244

Scanner detections:
1 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
11/16/2024 12:48:17 AM UTC  (today)

Scan engine
Detection
Engine version

AVG
Win32/Blacked
2015.0.4489

File size:
140 KB (143,360 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\wf1.dll

File PE Metadata
Compilation timestamp:
11/18/2015 10:08:42 AM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:65A8d+DRTIHKQG2L5cA8LKP0iEbB+Iq0q1GJib3OqVB:+A8d8TIH/cA90iEbPdqBL

Entry address:
0x198A7

Entry point:
E9, 81, 9B, 00, 00, 8D, 64, 24, 04, 0F, 82, 9F, D8, FF, FF, 66, 0F, BA, E2, 08, F8, 60, 66, 85, F9, 3B, 45, F0, 60, 9C, 9C, 8D, 64, 24, 48, 0F, 83, 85, D8, FF, FF, 66, D3, E1, 0F, AC, E1, 1F, 89, C3, D2, FD, C1, EF, 10, 89, C7, 66, 0F, C9, B9, 04, 01, 00, 00, 80, FC, 4D, 30, C0, 9C, 9C, F2, AE, E9, E5, EA, FF, FF, 24, 94, 8B, 7C, 24, 18, FE, C0, 0F, 94, C0, 66, 0F, A3, CD, F5, B2, 80, 00, C8, 66, 39, F1, 29, DB, 0F, 92, C3, AC, 80, E3, 9F, 0F, 95, C3, D2, DB, 20, CB, 2C, C7, C0, E3, 03, 34, 11, 20, D3, F6...
 
[+]

Packer / compiler:
Xtreme-Protector v1.05

Code size:
26.5 KB (27,136 bytes)

The file wf1.dll has been seen being distributed by the following URL.

http://engenhariatm.com/loader/.../wf1.dll?n0

Scan wf1.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.