dark.dll

The library dark.dll has been detected as malware by 5 anti-virus scanners. The file has been seen being downloaded from dc414.2shared.com.
MD5:
55b8b5c0c2e6aa2ce3c19fe97296687e

SHA-1:
8a5979f616381704eb3db19099f0578a6d44b4c5

SHA-256:
ea2f2638454b7d7da9ff73a3d9aeacf2deba04e4f1c7c1cb3e654ad4a38b9c47

Scanner detections:
5 / 68

Status:
Malware

Explanation:
The software contains keystroke monitoring/logging capabilities which may or may not be installed without the user's knowledge.

Analysis date:
4/27/2024 1:18:20 AM UTC

Scan engine | Detection | Engine version
avast! | Win32:Malware-gen | 2014.9-140601
Baidu Antivirus | Trojan.Win32.GameHack | 4.0.3.1461
Bkav FE | HW32.Keylogger | 1.3.0.4959
ESET NOD32 | Win32/GameHack.CY potentially unsafe application | 7.0.302.0
IKARUS anti.virus | Trojan-Downloader.Win32.Agent | t3scan.1.6.1.0

File size:
17.4 KB (17,861 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\users\{user}\downloads\dark.dll

File PE Metadata
Compilation timestamp:
9/8/2011 6:35:49 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
2.56

CTPH (ssdeep):
192:XUzR/Wo6BVtAjhRbJf0ZgBlmrDGoOv8I1A8BD:XUNuDw3bV0ZgBlmrDGoOv80HD

Entry address:
0x1000

Entry point:
55, 89, E5, 57, 56, 53, 83, EC, 0C, 8B, 7D, 0C, 83, FF, 01, 0F, 84, AB, 00, 00, 00, 89, 7C, 24, 04, 8B, 5D, 10, 8B, 4D, 08, 89, 5C, 24, 08, 89, 0C, 24, E8, C7, 03, 00, 00, 89, C6, 83, EC, 0C, 83, FF, 01, 0F, 94, C2, 31, C0, 85, F6, 0F, 94, C0, 85, C2, 74, 5B, 8B, 15, 00, 40, 80, 69, 85, D2, 74, 45, 8B, 1D, 10, 40, 80, 69, EB, 0D, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 83, EB, 04, 39, D3, 72, 19, 8B, 03, 85, C0, 74, F3, FF, D0, 8B, 15, 00, 40, 80, 69, 83, EB, 04, 39, D3, 73, EB, 8D, 74, 26, 00...
 

Entropy:
4.3586

Code size:
3 KB (3,072 bytes)

The file dark.dll has been seen being distributed by the following URL.
