home

f118484000.dll

PBKOE

BVRP Software

The library f118484000.dll, “Module d'accès annuaire MS Outlook Express” has been detected as malware by 40 anti-virus scanners. Accoriding to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials, and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
Publisher:
BVRP Software

Product:
PBKOE

Description:
Module d'accès annuaire MS Outlook Express

Version:
3.00

MD5:
0302c27532853c0aeba6d68328d13e28

SHA-1:
1b02a2c1a65afe8c1dcefb1f4b0f4e6e37b7c8b3

SHA-256:
86da68fb2f40de19116f4204be32dcac9912cd7731e42e01ce892be487db0a78

Scanner detections:
40 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
4/18/2024 4:30:36 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Win32.Ramnit.N
5829319

Agnitum Outpost
Win32.Nimnul.Gen.2
7.1.1

AhnLab V3 Security
Win32/Ramnit.F
2014.11.24

Avira AntiVirus
W32/Ramnit.C
7.11.30.172

avast!
Win32:RmnDrp
141119-1

AVG
Win32/Zbot.G
2014.0.4189

Baidu Antivirus
Virus.Win32.Nimnul.$a
4.0.3.141123

Bitdefender
Win32.Ramnit.N
1.0.20.1635

Bkav FE
W32.FamVT.Nimnul.PE
1.3.0.4959

Clam AntiVirus
W32.Ramnit-1
0.98/21511

Comodo Security
Virus.Win32.Ramnit.K
20172

Dr.Web
Win32.Siggen.7
9.0.1.05190

Emsisoft Anti-Malware
Win32.Ramnit.N
9.0.0.4570

ESET NOD32
Win32/Ramnit.H virus
7.0.302.0

Fortinet FortiGate
W32/Ramnit.C
11/23/2014

F-Prot
W32/Ramnit.D
4.6.5.141

F-Secure
Win32.Ramnit.N
11.2014-23-11_1

G Data
Win32.Ramnit
14.11.24

IKARUS anti.virus
Virus.Win32.Ramnit
t3scan.1.8.3.0

K7 AntiVirus
Virus
13.185.14098

Kaspersky
Virus.Win32.Nimnul
15.0.0.543

Malwarebytes
Virus.Ramnit
v2014.11.23.09

McAfee
W32/Ramnit.a
5600.6938

Microsoft Security Essentials
Threat.Undefined
1.189.509.0

MicroWorld eScan
Win32.Ramnit.N
15.0.0.981

NANO AntiVirus
Virus.Win32.Nimnul.bmnup
0.28.6.63474

Norman
Ramnit.AS
11.20141123

nProtect
Virus/W32.SpyEye
14.11.21.01

Panda Antivirus
W32/Cosmu.C
14.11.23.09

Qihoo 360 Security
Virus.Win32.Ramnit.A
1.0.0.1015

Quick Heal
W32.Ramnit.A
11.14.14.00

Rising Antivirus
PE:Win32.Ramnit.i!1075353400
23.00.65.141121

Sophos
W32/Ramnit-A
4.98

Total Defense
Win32/Ramnit.C
37.0.11294

Trend Micro House Call
PE_RAMNIT.DEN
7.2.327

Trend Micro
PE_RAMNIT.DEN
10.465.23

Vba32 AntiVirus
Virus.Win32.Nimnul.b
3.12.26.3

VIPRE Antivirus
Threat.4732184
35010

ViRobot
Win32.Nimnul.A
2011.4.7.4223

Zillya! Antivirus
Virus.Nimnul.Win32.2
2.0.0.1991

File size:
300.3 KB (307,553 bytes)

Product version:
2.18

Copyright:
Copyright (C) 1999

Original file name:
PBKOE.DLL

File type:
Dynamic link library (Win32 DLL)

Language:
Language Neutral

File PE Metadata
Compilation timestamp:
9/9/2004 11:18:06 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:7+VUJvJQHxDxNbpDnZFA4ONtg7QlqdSD9KELtN/vap6F94mg+S2:7JJhoxNtDtatg74qdvstZvE/yh

Entry address:
0x2C000

Entry point:
60, E8, 00, 00, 00, 00, 5D, 8B, C5, 81, ED, 1E, A5, 01, 20, 2B, 85, 85, AC, 01, 20, 89, 85, 81, AC, 01, 20, B0, 00, 86, 85, B6, AE, 01, 20, 3C, 01, 0F, 85, BC, 01, 00, 00, 83, BD, B1, AD, 01, 20, 00, 74, 33, 83, BD, B5, AD, 01, 20, 00, 74, 2A, 8B, 85, 81, AC, 01, 20, 2B, 85, B1, AD, 01, 20, 8B, 00, 89, 85, EE, AD, 01, 20, 8B, 85, 81, AC, 01, 20, 2B, 85, B5, AD, 01, 20, 8B, 00, 89, 85, F2, AD, 01, 20, EB, 61, 83, BD, B9, AD, 01, 20, 00, 74, 58, 8B, 85, 81, AC, 01, 20, 2B, 85, B9, AD, 01, 20, FF, 30, 8D, 85...
 
[+]

Entropy:
7.2130

Packer / compiler:
ASPack v1.08.04

Code size:
28 KB (28,672 bytes)

Remove f118484000.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.