balcao.dll

The library balcao.dll has been detected as malware by 25 anti-virus scanners. It is configured to start automatically when a user logs into Windows, via the current-user Run registry key, under the display name ‘Events’.
MD5:
99b7cbf8817c514081fbac6c5d4344e2

SHA-1:
6ccecd2f1e65d7dabe02bc848ea1e1f3a8f4d4fa

SHA-256:
48444ca3b544b98cd416d1a13e1f31a10b8ee0bac1d3b23e0aed8660c977f11e

Scanner detections:
25 / 68

Status:
Malware

Analysis date:
5/1/2024 11:24:46 PM UTC

Scan engine              Detection                            Engine version
Lavasoft Ad-Aware        Trojan.Generic.13286141              -40
Agnitum Outpost          Trojan.Enigma                        7.1.1
avast!                   Win32:Malware-gen                    2014.9-170315
AVG                      Win32/Heur                           2018.0.2438
Baidu Antivirus          Trojan.Win32.Enigma                  4.0.3.17315
Bitdefender              Trojan.Generic.13286141              1.0.20.370
Comodo Security          UnclassifiedMalware                  22096
Emsisoft Anti-Malware    Trojan.Generic.13286141              8.17.03.15.08
ESET NOD32               Win32/Packed.Enigma.AAF (variant)    11.11617
Fortinet FortiGate       PossibleThreat                       3/15/2017
F-Secure                 Trojan.Generic.13286141              11.2017-15-03_4
G Data                   Trojan.Generic.13286141              17.3.25
IKARUS anti.virus        Trojan.Win32.Enigma                  t3scan.1.8.9.0
K7 AntiVirus             Trojan                               13.203.15889
Kaspersky                UDS:DangerousObject.Multi.Generic    14.0.0.-1314
McAfee                   Artemis!99B7CBF8817C                 5600.6094
MicroWorld eScan         Trojan.Generic.13286141              18.0.0.222
NANO AntiVirus           Trojan.Win32.Rogue.drigmk            0.30.24.1357
nProtect                 Trojan.Generic.13286141              15.05.11.01
Panda Antivirus          Trj/Genetic.gen                      17.03.15.08
Qihoo 360 Security       HEUR/QVM38.0.Malware.Gen             1.0.0.1015
Total Defense            Win32/Ramnit.DW                      37.1.62.1
Trend Micro House Call   TROJ_GEN.R000C0EE815                 7.2.74
Trend Micro              TROJ_GEN.R000C0EE815                 10.465.15
VIPRE Antivirus          Trojan.Win32.Generic                 40186

File size:
3.7 MB (3,888,128 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\users\{user}\appdata\local\balcao.dll

File PE Metadata
Compilation timestamp:
4/26/2015 2:06:40 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x9BD3B4

Entry point:
60, E8, 00, 00, 00, 00, 5D, 81, ED, 06, 00, 00, 00, 81, ED, B4, D3, 9B, 00, E9, 4C, 00, 00, 00, 45, 4E, 49, 47, 4D, 41, 02, 21, DF, 07, 04, 00, 1A, 00, 12, 00, 07, 00, 3B, 00, BF, C9, 39, 48, 5B, 35, BF, BC, EC, A3, 76, AC, 55, AF, 72, 7F, F6, E1, 71, 8F, 01, 00, 00, 00, 72, 6B, 2A, A2, 81, 4E, 0F, 20, DB, 95, 5A, D8, 56, 6A, 8B, 9E, 51, BE, 6E, 48, DE, 22, BD, 02, A3, E2, 77, 88, 7E, F0, D1, 67, 8A, 84, 24, 28, 00, 00, 00, 80, F8, 01, 0F, 84, 07, 00, 00, 00, 61, 33, C0, 40, C2, 0C, 00, E9, 04, 00, 00, 00...

Packer / compiler:
ASPack v1.08.04

Code size:
2.7 MB (2,824,192 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Events

Command:
rundll32.exe "C:\users\{user}\appdata\local\balcao.dll",_9634694369346

Remove balcao.dll - Powered by Reason Core Security