236103c7cc352798ca5ec804cc70f6a2

Shell executable of Setup program (32-bit)

RealNetworks, Inc.

The file 236103c7cc352798ca5ec804cc70f6a2, “Block Level Backup Engine”, has been detected as malware by 21 anti-virus scanners.
Publisher:
RealNetworks, Inc.

Product:
Shell executable of Setup program (32-bit)

Description:
Block Level Backup Engine

Version:
17.0.15.10

MD5:
236103c7cc352798ca5ec804cc70f6a2

SHA-1:
f933e6884d41b17a0ea52af731e7cab73954287d

SHA-256:
b770b2375bae12024f4ecb0950c20cded47d07ff4d064376899e643e6664eea6

Scanner detections:
21 / 68

Status:
Malware

Analysis date:
4/25/2024 12:26:03 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.GenericKDZ.26379 | 804 |
| AhnLab V3 Security | Trojan/Win32.MDA | 2014.11.20 |
| Avira AntiVirus | TR/Inject.drzsea | 7.11.187.70 |
| avast! | Win32:Malware-gen | 2014.9-141123 |
| AVG | MSIL5 | 2015.0.3282 |
| Bitdefender | Trojan.GenericKDZ.26379 | 1.0.20.1635 |
| Dr.Web | Trojan.PWS.Stealer.13336 | 9.0.1.0327 |
| Emsisoft Anti-Malware | Trojan.GenericKDZ.26379 | 8.14.11.23.09 |
| ESET NOD32 | MSIL/Injector.GHE (variant) | 8.10748 |
| Fortinet FortiGate | MSIL/Injector.GIP!tr | 11/23/2014 |
| F-Secure | Trojan.GenericKDZ.26379 | 11.2014-23-11_1 |
| G Data | Trojan.GenericKDZ.26379 | 14.11.24 |
| IKARUS anti.virus | Evilware.Outbreak | t3scan.1.8.3.0 |
| Kaspersky | Trojan.MSIL.Inject | 14.0.0.2903 |
| Malwarebytes | Trojan.MSIL.Injector | v2014.11.23.09 |
| McAfee | Artemis!236103C7CC35 | 5600.6938 |
| MicroWorld eScan | Trojan.GenericKDZ.26379 | 15.0.0.981 |
| Panda Antivirus | Trj/CI.A | 14.11.23.09 |
| Qihoo 360 Security | HEUR/QVM03.0.Malware.Gen | 1.0.0.1015 |
| Sophos | Mal/MSIL-KL | 4.98 |
| Trend Micro House Call | TROJ_GEN.R047B01KJ14 | 7.2.327 |
File size:
594.5 KB (608,768 bytes)

Product version:
17.0.15.10

Copyright:
Copyright © RealNetworks, Inc. 1995-2012

Trademarks:
RealAudio(tm) is a trademark of RealNetworks, Inc.

Original file name:
RNSetup.DLL

Language:
English (United States)

Common path:
C:\users\{user}\downloads\91\236103c7cc352798ca5ec804cc70f6a2

File PE Metadata
Compilation timestamp:
11/13/2014 12:25:25 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:/6Ov4YhqpvF0zv3S72PfWPj39sezUCjSsXa+x15hpD44sK6jO9:/6Q4YhOOKCWPj39sajXaQpfYj

Entry address:
0x95CAE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
Entropy:
7.7296

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
591.5 KB (605,696 bytes)
