cryptoprovider.dll

Online files icon's overlay

The library cryptoprovider.dll has been detected as malware by 24 anti-virus scanners.
Publisher:
Microsoft*  (Invalid match)

Product:
Online files icon's overlay

Version:
1.0.2.5

MD5:
145e3449b84429729e42f396a982b4a8

SHA-1:
29607e89937c0ccfe22e5f79030b136fcb309401

SHA-256:
e45b4542056fbf890bf0a895dd21d7247fb3591f3b77f9fab19187bcb0572464

Scanner detections:
24 / 68

Status:
Malware

Analysis date:
4/19/2024 11:34:05 AM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.Generic.11108205 | 990 |
| AhnLab V3 Security | Trojan/Win32.Hydra | 14.05.21 |
| avast! | Win64:Dropper-gen [Drp] | 2014.9-140521 |
| AVG | Generic35 | 2015.0.3468 |
| Baidu Antivirus | Trojan.Win64.Sathurbot | 4.0.3.14521 |
| Bitdefender | Trojan.Generic.11108205 | 1.0.20.705 |
| Dr.Web | Trojan.Siggen6.11203 | 9.0.1.0141 |
| Emsisoft Anti-Malware | Backdoor.Win64.Agent | 8.14.05.21.10 |
| ESET NOD32 | Win64/Sathurbot (variant) | 8.9776 |
| F-Secure | Trojan.Generic.11108205 | 11.2014-21-05_4 |
| G Data | Trojan.Generic.11108205 | 14.5.24 |
| IKARUS anti.virus | Trojan.Win64 | t3scan.1.6.1.0 |
| Kaspersky | UDS:DangerousObject.Multi.Generic | 14.0.0.3833 |
| Malwarebytes | Backdooor.HydraLoader | v2014.05.21.10 |
| McAfee | Artemis!145E3449B844 | 5600.7124 |
| Microsoft Security Essentials | Trojan:Win64/Sathurbot.A | 1.10502 |
| MicroWorld eScan | Trojan.Generic.11108205 | 15.0.0.423 |
| Norman | Suspicious_Gen4.GAKMG | 11.20140521 |
| nProtect | Trojan.Generic.11108205 | 14.05.08.01 |
| Panda Antivirus | Trj/CI.A | 14.05.21.10 |
| Trend Micro House Call | TROJ_GEN.R0E6C0DD814 | 7.2.141 |
| Trend Micro | TROJ_GEN.R0E6C0DD814 | 10.465.21 |
| VIPRE Antivirus | Trojan.Win32.Generic | 29016 |
| XVirus List | Win64.Detected | 2.5.21 |

File size:
2.8 MB (2,967,040 bytes)

Product version:
1.0.2.3

Copyright:
Microsoft

Trademarks:
Microsoft

File type:
Dynamic link library (Win64 DLL)

Language:
English (United States)

Common path:
C:\ProgramData\microsoft\crypto\rsa64\cryptoprovider.dll

Registration
CLSID:
{24808826-C2BF-4269-B3BA-89D1D5F431A4}

COM registered:
Yes

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
49152:VhTJYUJ+p36oXfCYpOZYOji+YhHxwlVyzWUst4RPDjsAkBFJ9o3dlvz4+ed:VByUJc3DvCYZ7JRwrsWJADoAcstl7

Entry point:
48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, 7F, 96, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, A7, FE, FF, FF, CC, CC, CC, 48, 89, 4C, 24, 08, 48, 81, EC, 88, 00, 00, 00, 48, 8D, 0D, F5, E7, 27, 00, FF, 15, AF, 9D, 01, 00, 48, 8B, 05, E0, E8, 27, 00, 48, 89, 44, 24, 58, 45, 33, C0, 48, 8D, 54, 24, 60, 48, 8B, 4C, 24, 58, E8, ED, F7, 00, 00, 48, 89, 44, 24, 50, 48, 83, 7C, 24...
 

Entropy:
7.8370  (probably packed)
