home

alf.dll

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘avgnt’. The file has been seen being downloaded from doc-08-98-docs.googleusercontent.com.
MD5:
9459724659f53e35c6515ebe6c881c94

SHA-1:
4bc4949088ab9f84331d87dd9010f5a9a5a3b2b5

SHA-256:
2b0701b29c7e1d11eca756136d829abf8da1ed98a281735c06d870c9dffbe7d3

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/6/2024 8:38:27 PM UTC  (today)

File size:
688 KB (704,512 bytes)

File type:
Dynamic link library (Win64 DLL)

Common path:
C:\Program Files\steam\steamapps\downloading\8980\binaries\dlcsetup2\alf.dll

File PE Metadata
OS bitness:
Win64

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
avgnt

Command:
"C:\Program Files\avira\antivir desktop\avgnt.exe" \min


The file alf.dll has been seen being distributed by the following URL.

https://doc-08-98-docs.googleusercontent.com/docs/securesc/r5d1soo98ajlggg7iiofavlp3eb2t7bf/q6v3fahuhktisk87fqasot4gddh5dm2i/1465941600000/.../11904131794368486588/0B0i7u_1dfPu3cXhBa2xlbnJ4NkE?e=download&nonce=4kf95ue2jen8i&user=11904131794368486588&hash=4f97uglqi5g79d3drodduq91opq7sh9a

Scan alf.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.