home

xtrapva.dll

Wiselogic Co., Ltd.

Publisher:
Wiselogic Co., Ltd.

Description:
Online Game Security Solution

Version:
1, 0, 0, 1

MD5:
39b009eae037563855004c9247cf7dfe

SHA-1:
26a6a5d4a8661fb41c94b1d7246db17c466d53a4

SHA-256:
86a402de4d517845590dc6ef6a37386367f46e346ce61fa02494337df115b0e1

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/27/2024 5:16:42 AM UTC  (today)

File size:
3.3 MB (3,470,312 bytes)

Copyright:
Wiselogic Co., Ltd.

Trademarks:
X-TRAP

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\xtrapva.dll

File PE Metadata
Compilation timestamp:
4/7/2016 11:15:32 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:cgTULDY0kJappM3Pj8qutoGtWlRpQjPORFYTWREAfYf9xQmciSX7GY3Mh5X9tc:cVXtkMnQvutoGtWlPmWGCY9zSLlMhRr

Entry address:
0xBC2044

Entry point:
68, 00, 00, 00, 00, 68, 01, 00, 00, 00, 68, 00, 00, 40, 40, E8, 00, 00, 00, 00, 81, 2C, 24, 58, 20, FC, 40, 81, 04, 24, 00, 10, FC, 40, E9, 95, 1F, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.9629

Packer / compiler:
PKLITE32, 0x1.1

Code size:
5.9 MB (6,135,808 bytes)

The file xtrapva.dll has been seen being distributed by the following 3 URLs.

http://patch.zbox.co.id/lost/xtrap/live/.../XTrapVa.dll

http://xtrap.tr.funtown.hk/.../XTrapVa.dll

http://patch.zbox.co.id/lost/xtrap/live/.../XTrapVa.dll

Scan xtrapva.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.