ethernetactivex.dll

Borland Delphi/C++Builder (Enterprise Edition)

Borland Software Corporation

The library ethernetactivex.dll (“Delphi Pascal Compiler”) has been detected as malware by 30 anti-virus scanners. It is set to start automatically when a user logs into Windows, via the current-user Run registry key, under the display name ‘ethernetactivex’. According to AVG, this software downloads additional adware offers during setup.
Publisher:
Borland Software Corporation

Product:
Borland Delphi/C++Builder (Enterprise Edition)

Description:
Delphi Pascal Compiler

Version:
7.0.4.453

MD5:
75ac4c4387641e10258f424537b0f522

SHA-1:
c913cda98c44f77eda633713e78d8bd8880b77b5

SHA-256:
c116a603c3b8fe734893ff4c713f7c6c9f6ffb1f370b890a1bb78f10c67bdcc5

Scanner detections:
30 / 68

Status:
Malware

Analysis date:
4/19/2024 7:34:07 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Symmi.41062 | 435 |
| Agnitum Outpost | Trojan.DL.Tracur | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Tracur | 2015.06.03 |
| Avira AntiVirus | TR/Tracur.A.4817 | 8.3.1.6 |
| Arcabit | Trojan.Symmi.DA066 | 1.0.0.425 |
| avast! | Win32:Malware-gen | 2014.9-151127 |
| AVG | Downloader.Generic13 | 2016.0.2913 |
| Baidu Antivirus | Trojan.Win32.Tracur | 4.0.3.151127 |
| Bitdefender | Gen:Variant.Symmi.41062 | 1.0.20.1655 |
| Bkav FE | HW32.Packed | 1.3.0.6379 |
| Comodo Security | UnclassifiedMalware | 22316 |
| Emsisoft Anti-Malware | Gen:Variant.Symmi.41062 | 8.15.11.27.03 |
| ESET NOD32 | Win32/TrojanDownloader.Tracur.AJ | 9.11723 |
| Fortinet FortiGate | W32/TRACUR.AJ!tr | 11/27/2015 |
| F-Secure | Gen:Variant.Symmi.41062 | 11.2015-27-11_6 |
| G Data | Gen:Variant.Symmi.41062 | 15.11.25 |
| IKARUS anti.virus | Trojan.SuspectCRC | t3scan.1.9.3.0 |
| K7 AntiVirus | Trojan-Downloader | 13.204.16114 |
| Kaspersky | UDS:DangerousObject.Multi.Generic | 14.0.0.1059 |
| Malwarebytes | Trojan.Agent | v2015.11.27.03 |
| McAfee | Downloader-FAHV!75AC4C438764 | 5600.6569 |
| Microsoft Security Essentials | Trojan:Win32/Chroject.E!dll | 1.1.11701.0 |
| MicroWorld eScan | Gen:Variant.Symmi.41062 | 16.0.0.993 |
| NANO AntiVirus | Trojan.Win32.Tracur.cymkic | 0.30.24.1636 |
| Panda Antivirus | Trj/Genetic.gen | 15.11.27.03 |
| Qihoo 360 Security | Win32/Trojan.Multi.daf | 1.0.0.1015 |
| Sophos | Mal/Generic-S | 4.98 |
| Trend Micro House Call | TROJ_SPNR.03FI14 | 7.2.331 |
| Trend Micro | TROJ_SPNR.03FI14 | 10.465.27 |
| VIPRE Antivirus | Trojan.Win32.Generic | 40774 |

File size:
278 KB (284,672 bytes)

Product version:
7.0.4.453

Copyright:
Copyright (c) 1983,2001 Borland Software Corporation

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\ProgramData\ethernetactivex.dll

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
6144:eVLs0hRdkRG7AdXRA2nhnTtWaddVYO0u2d8:QRizhuIh5l0u26

Entry address:
0x33307

Entry point:
55, 8B, EC, 83, C4, E4, B8, A4, 14, 03, 10, E8, EF, ED, FF, FF, E8, 46, F3, FF, FF, 8D, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
7.0020

Developed / compiled with:
Microsoft Visual C++

Code size:
201 KB (205,824 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
ethernetactivex

Command:
rundll32.exe "C:\ProgramData\ethernetactivex.dll",dllregisterserver

