» mscoree.dll
Overview
Analysis
File Details

mscoree.dll

The file mscoree.dll has been detected as a potentially unwanted program by 31 anti-malware scanners. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent.

File name:

mscoree.dll

Description:

Process

Version:

5.4.2.02

MD5:

8b2376ab901ac90c9d8799f4b454b3de

SHA-1:

fd78bfeabde021728698d35449344cc0372d696b

SHA-256:

d2cbcf7da0e6d293519ac35cc3ca533375e1625df6afe00d917a7e3bcfecc662

Scanner detections:

31 / 68

Status:

Potentially unwanted

Explanation:

Uses the DomainIQ download manager to bundle additional potentially unwanted software without adequate consent.

Analysis date:

4/25/2024 12:35:07 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Application.Bundler.DomaIQ.5

866

Agnitum Outpost

PUA.Lollipop

7.1.1

AhnLab V3 Security

Spyware/Win32.Limitail

2014.07.19

Avira AntiVirus

APPL/DomaIQ.Gen

7.11.162.212

avast!

Win32:DomaIQ-CK [PUP]

2014.9-140922

AVG

DomaIQ

2015.0.3344

Baidu Antivirus

Adware.Win32.DomaIQ

4.0.3.14922

Bitdefender

Gen:Variant.Application.Bundler.DomaIQ.5

1.0.20.1325

Clam AntiVirus

Win.Trojan.Agent-746494

0.98/21411

Comodo Security

UnclassifiedMalware

18896

Dr.Web

Trojan.DownLoader11.9717

9.0.1.0265

ESET NOD32

MSIL/DomaIQ (variant)

8.10120

Fortinet FortiGate

Adware/DomaIQ

9/22/2014

F-Prot

W32/A-aa067c55

v6.4.7.1.166

F-Secure

Gen:Variant.Application.Bundler

11.2014-22-09_2

G Data

Gen:Variant.Application.Bundler.DomaIQ

14.9.24

IKARUS anti.virus

PUA.PayInt

t3scan.1.6.1.0

K7 AntiVirus

Trojan

13.181.12775

Kaspersky

not-a-virus:AdWare.Win32.Lollipop

14.0.0.3213

McAfee

RDN/Generic PUP.x!c2r

5600.7000

Microsoft Security Essentials

TrojanDownloader:Win32/Tugspay.A

1.10802

MicroWorld eScan

Gen:Variant.Application.Bundler.DomaIQ.5

15.0.0.795

NANO AntiVirus

Trojan.Win32.Stealer.cwxrck

0.28.2.60881

Panda Antivirus

Trj/CI.A

14.09.22.10

Qihoo 360 Security

Win32/Application.b02

1.0.0.1015

Quick Heal

AdWare.Lollipop.r3 (Not a Virus)

9.14.14.00

Sophos

DomainIQ pay-per install

4.98

Trend Micro House Call

TROJ_GEN.R0CBC0PFB14

7.2.265

Trend Micro

TROJ_GEN.R0CBC0PFB14

10.465.22

Vba32 AntiVirus

TScope.Trojan.MSIL

3.12.26.3

VIPRE Antivirus

Trojan.Win32.Generic

31386

File size:

284.5 KB (291,328 bytes)

Product version:

5.4.2.02

Original file name:

mscoree.dll

Common path:

C:\users\{user}\appdata\local\temp\dfsf246.tmp

File PE Metadata

Compilation timestamp:

4/25/2014 7:52:49 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

8.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

6144:9UgnAkaVXCnaY8Ezv5biEEtyYRHQQB6SrWDRby0V:9U7LXCl8EzBbjEtyYRHQQsf

Entry address:

0x44C6E

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

267.5 KB (273,920 bytes)

Remove mscoree.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.