conhost.dll

The module conhost.dll has been detected as a potentially unwanted program by 38 anti-malware scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘HKCU’.
MD5:
9acaf8d6ad70ee786381f2ff6388f7f8

SHA-1:
82f40a5cc8a2adc1bad3c9eaab73ce99db2ec81a

SHA-256:
78b67344bc075e2e8468f8570c8b4484a0595d3a1cae9f60b28fca9df395352c

Scanner detections:
38 / 68

Status:
Potentially unwanted

Analysis date:
4/23/2024 8:12:06 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.Agent.AROC | 5707118
Agnitum Outpost | Worm.DR.Rebhip.Gen | 7.1.1
AhnLab V3 Security | Trojan/Win32.Llac | 2015.07.02
Avira AntiVirus | Worm/Rebhip.A.9877 | 7.11.30.172
Arcabit | Trojan.Agent.AROC | 1.0.0.425
avast! | Win32:Rebhip-AS [Trj] | 150602-1
AVG | PSW.Delf.3.E | 2016.0.3061
Bitdefender | Trojan.Agent.AROC | 1.0.20.915
Clam AntiVirus | Trojan.Agent-192978 | 0.98/20629
Comodo Security | Backdoor.Win32.Delf.~DF | 22639
Dr.Web | Win32.HLLW.Autoruner.25074 | 9.0.1.05190
Emsisoft Anti-Malware | Trojan.Agent.AROC | 10.0.0.5366
ESET NOD32 | Win32/Spatet.I trojan | 7.0.302.0
Fortinet FortiGate | W32/Spatet.TRR!tr | 7/2/2015
F-Prot | W32/Rebhip.A.gen | 4.6.5.141
F-Secure | Trojan.Agent.AROC | 5.14.151
G Data | Trojan.Agent.AROC | 15.7.25
IKARUS anti.virus | not-a-virus:Monitor.Win32.Perflogger | t3scan.1.9.5.0
K7 AntiVirus | Trojan | 13.205.16429
Kaspersky | Trojan.Win32.Llac | 15.0.0.543
Malwarebytes | Trojan.PWS | v2015.07.02.01
McAfee | Trojan.Generic PWS.sz | 17.6.569.0
Microsoft Security Essentials | Threat.Undefined | 1.201.601.0
MicroWorld eScan | Trojan.Agent.AROC | 16.0.0.549
NANO AntiVirus | Trojan.Win32.Llac.dsnuug | 0.30.24.2320
Norman | Trojan.Agent.AROC | 02.06.2015 14:23:46
nProtect | Trojan/W32.Hijack.304128.B | 15.07.01.01
Panda Antivirus | Trj/Spy.YM | 15.07.02.01
Quick Heal | Worm.Rebhip.A8 | 7.15.14.00
Rising Antivirus | PE:Trojan.Win32.Generic.148CEB39!344779577 | 23.00.65.15630
Sophos | Virus 'Mal/Behav-328' | 5.15
SUPERAntiSpyware | Trojan.Agent/Gen-Rebhip | 9779
Total Defense | Win32/Llac.AA | 37.1.62.1
Trend Micro House Call | TSPY_LLAC.SM | 7.2.183
Trend Micro | TSPY_LLAC.SM | 10.465.02
Vba32 AntiVirus | Trojan.Llac | 3.12.26.4
VIPRE Antivirus | Threat.4728359 | 40824
Zillya! Antivirus | Trojan.Llac.Win32.48380 | 2.0.0.2262

File size:
297 KB (304,128 bytes)

File type:
Dynamic link library (Win32 DLL)

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
6144:bOpslFlql0hdBCkWYxuukP1pjSKSNVkq/MVJbW:bwslA0TBd47GLRMTbW

Entry address:
0xE1A8

Entry point:
55, 8B, EC, B9, 17, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 51, 53, B8, A8, E0, 40, 00, E8, 1D, 71, FF, FF, 33, C0, 55, 68, 33, E8, 40, 00, 64, FF, 30, 64, 89, 20, 8D, 45, EC, E8, D3, 85, FF, FF, 8B, 45, EC, E8, 33, 5A, FF, FF, 50, 6A, 00, 6A, 00, E8, 39, 72, FF, FF, 8B, D8, E8, BA, 72, FF, FF, 3D, B7, 00, 00, 00, 75, 12, 53, E8, F5, 71, FF, FF, 68, E0, 2E, 00, 00, E8, 2B, 73, FF, FF, EB, 06, 53, E8, E3, 71, FF, FF, 8D, 45, E8, E8, EF, 84, FF, FF, 8B, 45, E8, E8, F3, 59, FF, FF, 50, 6A, 00, 6A, 00, E8, F9...

Developed / compiled with:
Microsoft Visual C++

Code size:
54.5 KB (55,808 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
HKCU

Command:
C:\conhost\conhost.dll
