557k213k638z699.dll

The library 557k213k638z699.dll has been detected as malware by 5 anti-virus scanners. It runs as a Windows Task Scheduler task named 429K101K561Z648, triggered daily at a specified time.
MD5:
96c8cca16b8d3467c33b7e231367e190

SHA-1:
a9431d4b7b891f9f4c90bfd28ca12c003337cd9c

SHA-256:
066bd46a4cd46c1b58ed97e09787eda60dfb27560bd57875839de4aff43ee64e

Scanner detections:
5 / 68

Status:
Malware

Analysis date:
4/30/2024 1:43:03 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AhnLab V3 Security | Malware/Gen.Generic.C1847424 | 3.8.3.16 |
| ESET NOD32 | Win64/Wdfload.I trojan | 6.3.12010.0 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.-1317 |
| Malwarebytes | Trojan.Wdfload.Generic | v2017.03.16.10 |
| Rising Antivirus | Malware.Generic.5!tfe (thunder:5:Kv3sF86y5ZN) | 23.00.65.17314 |

File size:
3 MB (3,104,256 bytes)

File type:
Dynamic link library (Win64 DLL)

Common path:
C:\ProgramData\557k213k638z699\557k213k638z699.dll

File PE Metadata
Compilation timestamp:
3/13/2017 10:16:17 AM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
2.27

Entry address:
0x11CB0

Entry point:
48, 83, EC, 48, 48, 8B, 05, 05, 41, 2C, 00, 83, FA, 01, C7, 00, 00, 00, 00, 00, 74, 0A, 48, 83, C4, 48, E9, A1, FE, FF, FF, 90, 4C, 89, 44, 24, 38, 89, 54, 24, 34, 48, 89, 4C, 24, 28, E8, AD, 99, 00, 00, E8, F8, 94, FF, FF, 4C, 8B, 44, 24, 38, 8B, 54, 24, 34, 48, 8B, 4C, 24, 28, 48, 83, C4, 48, E9, 71, FE, FF, FF, 90, FF, 25, 8E, 74, 2E, 00, 90, 90, 0F, 1F, 84, 00, 00, 00, 00, 00, 83, FA, 4D, 77, 60, 4C, 8D, 15, C4, 8F, 2B, 00, 89, D0, 49, 63, 04, 82, 4C, 01, D0, FF, E0, 66, 0F, 1F, 84, 00, 00, 00, 00, 00...
 

Entropy:
6.2450

Code size:
2.8 MB (2,887,680 bytes)

Scheduled Task
Task name:
429K101K561Z648

Trigger:
Daily (Runs daily at 7:00 AM)

