» f79492464.dll
Overview
Analysis
File Details

f79492464.dll

Schlumberger Smart Card Java IOP Module for Windows 98, Me, NT, 2000, XP

Schlumberger Technology Corporation

The library f79492464.dll, “Schlumberger Smart Card Java IOP Module” has been detected as malware by 40 anti-virus scanners. Accoriding to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials, and banking details) from a compromised computer and send it to online criminals via a command-and-control server.

File name:

f79492464.dll

Publisher:

Schlumberger Technology Corporation

Product:

Schlumberger Smart Card Java IOP Module for Windows 98, Me, NT, 2000, XP

Description:

Schlumberger Smart Card Java IOP Module

Version:

4.004.0014.0

MD5:

7f2319c9228696bdb4b33d3c8aa68df7

SHA-1:

2caa396a6dd79781c99c41c9d23768d69caa6b64

SHA-256:

f1fac4198e71f4c2afadc246ca0499e787529f889a4ae615250f443ba945f909

Scanner detections:

40 / 68

Status:

File is infected by a Virus

Explanation:

The file is infected by a polymorphic file infector virus.

Analysis date:

4/25/2024 11:29:37 PM UTC (a few moments ago)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Win32.Ramnit.N

5828757

Agnitum Outpost

Win32.Nimnul.Gen.2

7.1.1

AhnLab V3 Security

Win32/Ramnit.F

2014.11.24

Avira AntiVirus

W32/Ramnit.C

7.11.30.172

avast!

Win32:RmnDrp

141119-1

AVG

Win32/Zbot.G

2014.0.4189

Baidu Antivirus

Virus.Win32.Nimnul.$a

4.0.3.141123

Bitdefender

Win32.Ramnit.N

1.0.20.1635

Bkav FE

W32.FamVT.Nimnul.PE

1.3.0.4959

Clam AntiVirus

W32.Ramnit-1

0.98/21511

Comodo Security

Virus.Win32.Ramnit.K

20172

Dr.Web

Win32.Siggen.7

9.0.1.05190

Emsisoft Anti-Malware

Win32.Ramnit.N

9.0.0.4570

ESET NOD32

Win32/Ramnit.H virus

7.0.302.0

Fortinet FortiGate

W32/Ramnit.C

11/23/2014

F-Prot

W32/Ramnit.D

4.6.5.141

F-Secure

Win32.Ramnit.N

11.2014-23-11_1

G Data

Win32.Ramnit

14.11.24

IKARUS anti.virus

Virus.Win32.Ramnit

t3scan.1.8.3.0

K7 AntiVirus

Virus

13.185.14098

Kaspersky

Virus.Win32.Nimnul

15.0.0.463

Malwarebytes

Virus.Ramnit

v2014.11.23.09

McAfee

W32/Ramnit.a

5600.6938

Microsoft Security Essentials

Threat.Undefined

1.189.509.0

MicroWorld eScan

Win32.Ramnit.N

15.0.0.981

NANO AntiVirus

Virus.Win32.Nimnul.bmnup

0.28.6.63474

Norman

Ramnit.AS

11.20141123

nProtect

Virus/W32.SpyEye

14.11.21.01

Panda Antivirus

W32/Cosmu.C

14.11.23.09

Qihoo 360 Security

Virus.Win32.Ramnit.A

1.0.0.1015

Quick Heal

W32.Ramnit.A

11.14.14.00

Rising Antivirus

PE:Win32.Ramnit.i!1075353400

23.00.65.141121

Sophos

W32/Ramnit-A

4.98

Total Defense

Win32/Ramnit.C

37.0.11294

Trend Micro House Call

PE_RAMNIT.DEN

7.2.327

Trend Micro

PE_RAMNIT.DEN

10.465.23

Vba32 AntiVirus

Virus.Win32.Nimnul.b

3.12.26.3

VIPRE Antivirus

Threat.4732184

35010

ViRobot

Win32.Nimnul.A

2011.4.7.4223

Zillya! Antivirus

Virus.Nimnul.Win32.2

2.0.0.1991

File size:

372.3 KB (381,279 bytes)

Product version:

4.004.0014.0

Original file name:

slbjiop3.dll

File type:

Dynamic link library (Win32 DLL)

Language:

English (United States)

File PE Metadata

Compilation timestamp:

2/6/2003 3:59:07 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

6144:ReJ+EAxSZCkzultaEKpVnfChFdOt9FstZvE/yt:ReJBCzlj0EhXcbstZMat

Entry address:

0x3F000

Entry point:

60, E8, 00, 00, 00, 00, 5D, 8B, C5, 81, ED, 1E, A5, 01, 20, 2B, 85, 85, AC, 01, 20, 89, 85, 81, AC, 01, 20, B0, 00, 86, 85, B6, AE, 01, 20, 3C, 01, 0F, 85, BC, 01, 00, 00, 83, BD, B1, AD, 01, 20, 00, 74, 33, 83, BD, B5, AD, 01, 20, 00, 74, 2A, 8B, 85, 81, AC, 01, 20, 2B, 85, B1, AD, 01, 20, 8B, 00, 89, 85, EE, AD, 01, 20, 8B, 85, 81, AC, 01, 20, 2B, 85, B5, AD, 01, 20, 8B, 00, 89, 85, F2, AD, 01, 20, EB, 61, 83, BD, B9, AD, 01, 20, 00, 74, 58, 8B, 85, 81, AC, 01, 20, 2B, 85, B9, AD, 01, 20, FF, 30, 8D, 85... 
[+]

Entropy:

7.1028

Packer / compiler:

ASPack v1.08.04

Code size:

72 KB (73,728 bytes)

Remove f79492464.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.