forgoten.dll

The file forgoten.dll has been detected as a potentially unwanted program by 29 anti-malware scanners. According to AVG, this software downloads additional adware offers during setup.
Description:
forgoten

Version:
7.23.54.23

MD5:
2b2aa6931c37c533c9c31527b14942a9

SHA-1:
0f4d7f30d436268ece635b013c5f38bfeb5125ed

SHA-256:
29e273cc350f1e6af331be061936f684286bd42384193eee10bdbb61f57d4895

Scanner detections:
29 / 68

Status:
Potentially unwanted

Analysis date:
4/25/2024 6:02:42 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.GenericKD.1708827 | 836 |
| Agnitum Outpost | PUA.DomaIQ | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.DomaIQ | 2014.07.31 |
| Avira AntiVirus | TR/Dldr.Tugspay.A.227 | 7.11.164.146 |
| avast! | Win32:DomaIQ-CK [PUP] | 2014.9-141022 |
| AVG | Downloader.Generic13 | 2015.0.3314 |
| Baidu Antivirus | Adware.Win32.DomaIQ | 4.0.3.141022 |
| Bitdefender | Trojan.GenericKD.1708827 | 1.0.20.1475 |
| Comodo Security | UnclassifiedMalware | 19024 |
| Emsisoft Anti-Malware | Trojan.GenericKD.1708827 | 8.14.10.22.04 |
| Fortinet FortiGate | Riskware/DomaIQ | 10/22/2014 |
| F-Secure | Trojan.GenericKD.1708827 | 11.2014-22-10_4 |
| G Data | Trojan.GenericKD.1708827 | 14.10.24 |
| IKARUS anti.virus | AdWare.DomaIQ | t3scan.1.6.1.0 |
| K7 AntiVirus | Riskware | 13.181.12872 |
| Kaspersky | not-a-virus:HEUR:AdWare.MSIL.DomaIQ | 14.0.0.3064 |
| Malwarebytes | PUP.Optional.DomaIQ | v2014.10.22.04 |
| McAfee | PUP-FKG | 5600.6970 |
| Microsoft Security Essentials | TrojanDownloader:Win32/Tugspay.A | 1.10802 |
| MicroWorld eScan | Trojan.GenericKD.1708827 | 15.0.0.885 |
| NANO AntiVirus | Riskware.Win32.OCJ.dbgucj | 0.28.2.61148 |
| nProtect | Trojan.GenericKD.1708827 | 14.07.29.01 |
| Panda Antivirus | Trj/OCJ.F | 14.10.22.04 |
| Qihoo 360 Security | Win32/Virus.Adware.c96 | 1.0.0.1015 |
| Quick Heal | AdWare.MSIL.r3 (Not a Virus) | 10.14.14.00 |
| Sophos | Generic PUA AP | 4.98 |
| Trend Micro House Call | TROJ_GEN.R0CBC0PFB14 | 7.2.295 |
| Trend Micro | TROJ_GEN.R0CBC0PFB14 | 10.465.22 |
| VIPRE Antivirus | Trojan.Win32.Generic | 31746 |

File size:
311 KB (318,464 bytes)

Product version:
7.23.54.23

Original file name:
forgoten.dll

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\dfs599e.tmp

File PE Metadata
Compilation timestamp:
6/5/2014 4:41:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:ZxX98BrBzoMymoR0fHgmFu5oSgtSz9Q1D7b2lGhixjVk5Q:ZsBdzoMC0/g7oTtSzTZj

Entry address:
0x3AFDE

Entry point:
FF, 25, 00, 20, 00, 10, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 03, 00, 03, 00, 00, 00, 28, 00, 00, 80, 0E, 00, 00, 00, B8, 00, 00, 80, 10, 00, 00, 00, E8, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 02, 00, 00, 00, 58, 00, 00, 80, 03, 00, 00, 00, 70, 00, 00, 80, 04, 00, 00, 00, 88, 00, 00, 80, 05, 00, 00, 00, A0, 00, 00, 80, 00, 00, 00, 00, 00, 00...
 

Entropy:
6.1158

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
228 KB (233,472 bytes)
