wf1.dll

The library wf1.dll has been detected as malware by 16 anti-virus scanners. The file has been seen being downloaded from engenhariatm.com.
MD5:
ab0d30d54debaad61913d754fe7d8a12

SHA-1:
6ac255effdeeb2b95802d8b274b3121c3b170f72

SHA-256:
9900e13606bbcdbf0b75a84db2715eb70ebaa3b7778e90d03c7cb820d6b5c94c

Scanner detections:
16 / 68

Status:
Malware

Analysis date:
11/16/2024 12:22:29 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Kazy.638297 | 361 |
| Agnitum Outpost | Trojan.Kazy | 7.1.1 |
| Avira AntiVirus | TR/Kazy.137728.4 | 8.3.2.2 |
| Arcabit | Trojan.Kazy.D9BD59 | 1.0.0.585 |
| avast! | Win32:Malware-gen | 2014.9-160209 |
| AVG | Win32/Blacked | 2017.0.2839 |
| Bitdefender | Gen:Variant.Kazy.638297 | 1.0.20.200 |
| Bkav FE | HW32.Packed | 1.3.0.7383 |
| Emsisoft Anti-Malware | Gen:Variant.Kazy.638297 | 8.16.02.09.08 |
| F-Secure | Gen:Variant.Kazy.638297 | 11.2016-09-02_3 |
| G Data | Gen:Variant.Kazy.638297 | 16.2.25 |
| McAfee | Artemis!AB0D30D54DEB | 5600.6495 |
| MicroWorld eScan | Gen:Variant.Kazy.638297 | 17.0.0.120 |
| Panda Antivirus | Trj/Genetic.gen | 16.02.09.08 |
| Qihoo 360 Security | HEUR/QVM36.0.Malware.Gen | 1.0.0.1015 |
| Rising Antivirus | PE:Malware.Generic/QRS!1.9E2D [F] | 23.00.65.16207 |

File size:
134.5 KB (137,728 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\wf1.dll

File PE Metadata
Compilation timestamp:
10/23/2015 5:39:45 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:Tbp6pUXCtBq35JtZhbAHQc9nyx6n8RXd5auSV:fEWC+RheQc1n813Q

Entry address:
0x2261A

Entry point:
9C, 60, C7, 44, 24, 20, F1, E7, A5, 1A, FF, 74, 24, 0C, C7, 44, 24, 20, 99, 35, 8A, 23, 60, C6, 44, 24, 04, 62, 8D, 64, 24, 40, E9, D0, 2A, 01, 00, 68, 85, 82, 39, AE, 66, 89, 0C, 24, 68, F5, 7C, 98, 8B, FF, 30, 8F, 44, 24, 04, 60, 88, 5C, 24, 04, FF, 34, 24, 88, 7C, 24, 04, FF, 74, 24, 28, C2, 2C, 00, 0F, 00, 4C, 24, 00, E8, 73, F1, 00, 00, 9C, 89, 1C, 24, E9, BF, DD, FF, FF, 03, 7C, 75, 10, 5A, E4, 4C, 56, B6, 9C, 52, 5E, C8, 25, FC, 39, B0, 91, 40, 64, 3C, 0F, FB, 27, 83, 6A, DF, 27, 39, 98, 12, BF, 92...
 

Code size:
20 KB (20,480 bytes)

The file wf1.dll has been seen being distributed by the following URL.
