brlmw03a.dll

Brother MFL-Pro

Brother Industries, Ltd.

The library brlmw03a.dll, “Wraper DLL for brlm03a(NT/2K/XP/Vista) / brif03a(98/ME)” has been detected as malware by 13 anti-virus scanners. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
Publisher:
Brother Industries, Ltd.

Product:
Brother MFL-Pro

Description:
Wraper DLL for brlm03a(NT/2K/XP/Vista) / brif03a(98/ME)

Version:
1, 0, 0, 191

MD5:
947295088e72c61a952443e66ef3c7e3

SHA-1:
f24dd8ed849c57e2c1c018841740ee3d552d4243

SHA-256:
bedb677ee8ca3e049f62284023bdb4a4838f0a2ffbb86365cafb3bf0dad45ed9

Scanner detections:
13 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
4/25/2024 7:34:57 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Win32.Ramnit.N | 5691347
avast! | Win32:RmnDrp | 160201-0
AVG | Win32/Zbot.G | 2015.0.4477
Clam AntiVirus | W32.Ramnit-1 | 0.98/21331
Dr.Web | Win32.Rmnet.8 | 9.0.1.05190
Emsisoft Anti-Malware | Win32.Ramnit.N | 10.0.0.5366
ESET NOD32 | Win32/Ramnit.H virus | 7.0.302.0
F-Prot | W32/Ramnit.E | 4.6.5.141
McAfee | Virus.W32/Ramnit.a | 18.0.204.0
Microsoft Security Essentials | Threat.Undefined | 1.213.5053.0
Norman | Win32.Ramnit.N | 11.01.2016 17:30:26
Sophos | Virus 'W32/Ramnit-A' | 5.22
VIPRE Antivirus | Threat.4732184 | 46908

File size:
232.3 KB (237,917 bytes)

Product version:
1, 0, 0, 100

Copyright:
Copyright (C) 2003-2008 Brother Industries, Ltd.

Original file name:
brlmw03a.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\browny02\brlmw03a.dll

File PE Metadata
Compilation timestamp:
8/18/2008 11:27:24 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
3072:no2eAZb9xtZRBofQUt/yTHTOBTPVfznzX19eunCkbRpXKbmIPEHShIeM:AqbDbjHHOBJzzX1nnCoRpabmIxhIeM

Entry address:
0x21000

Entry point:
60, E8, 00, 00, 00, 00, 5D, 8B, C5, 81, ED, CE, B2, 01, 20, 2B, 85, 35, BA, 01, 20, 89, 85, 31, BA, 01, 20, B0, 00, 86, 85, 66, BC, 01, 20, 3C, 01, 0F, 85, BC, 01, 00, 00, 83, BD, 61, BB, 01, 20, 00, 74, 33, 83, BD, 65, BB, 01, 20, 00, 74, 2A, 8B, 85, 31, BA, 01, 20, 2B, 85, 61, BB, 01, 20, 8B, 00, 89, 85, 9E, BB, 01, 20, 8B, 85, 31, BA, 01, 20, 2B, 85, 65, BB, 01, 20, 8B, 00, 89, 85, A2, BB, 01, 20, EB, 61, 83, BD, 69, BB, 01, 20, 00, 74, 58, 8B, 85, 31, BA, 01, 20, 2B, 85, 69, BB, 01, 20, FF, 30, 8D, 85...
 

Entropy:
7.1662

Packer / compiler:
ASPack v1.08.04

Code size:
72 KB (73,728 bytes)
