findprocdll.dll

findprocdll.dll is a plugin for the Nullsoft Scriptable Install System (NSIS) named FindProcDLL. It provides the ability to check whether a process is running, given only the name of its .exe file, and is based upon the FIND_PROC_BY_NAME function. The library findprocdll.dll has been detected as malware by 39 anti-virus scanners. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server. Although a detection has been made for this resource, it is a commonly distributed third-party library and is typically safe by itself.
MD5:
dd1e8c6fe4178b426e7ab96837c1e1fa

SHA-1:
22f6acf4bf1d1acf60bb80249e0f8456f37d46f8

SHA-256:
4740e8c5cf4cbeba4f099b160d3d8e147dde53727d8bbcd3b153363b7c424a6e

Scanner detections:
39 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
4/26/2024 4:01:59 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Win32.Ramnit.N | 1023
Agnitum Outpost | Win32.Nimnul.Gen.2 | 7.1.1
AhnLab V3 Security | Win32/Ramnit.N | 14.04.18
Avira AntiVirus | W32/Ramnit.C | 7.11.144.32
avast! | Win32:RmnDrp | 2014.9-140418
AVG | Win32/Zbot.G | 2015.0.3501
Baidu Antivirus | Virus.Win32.Nimnul.$a | 4.0.3.14418
Bitdefender | Win32.Ramnit.N | 1.0.20.540
Bkav FE | W32.Tmgrtext.PE | 1.3.0.4959
Clam AntiVirus | W32.Ramnit-1 | 0.98/18355
Comodo Security | Virus.Win32.Ramnit.K | 18123
Dr.Web | Win32.Rmnet.8 | 9.0.1.0108
Emsisoft Anti-Malware | Win32.Ramnit.N | 8.14.04.18.12
ESET NOD32 | Win32/Ramnit | 8.9692
Fortinet FortiGate | W32/Ramnit.C | 4/18/2014
F-Prot | W32/Ramnit.E | v6.4.7.1.166
F-Secure | Win32.Ramnit.N | 11.2014-18-04_6
G Data | Win32.Ramnit | 14.4.24
IKARUS anti.virus | Virus.Win32.Ramnit | t3scan.1.6.1.0
K7 AntiVirus | Virus | 13.176.11784
Kaspersky | Virus.Win32.Nimnul | 14.0.0.4000
Malwarebytes | Virus.Ramnit | v2014.04.18.12
McAfee | W32/Ramnit.a | 5600.7157
Microsoft Security Essentials | Virus:Win32/Ramnit.M | 1.10502
MicroWorld eScan | Win32.Ramnit.N | 15.0.0.324
NANO AntiVirus | Virus.Win32.Nimnul.bmnup | 0.28.0.59288
Norman | Ramnit.AS | 11.20140418
nProtect | Win32.Ramnit.N | 14.04.17.03
Panda Antivirus | W32/Nimnul.A | 14.04.18.12
Qihoo 360 Security | Virus.Win32.Ramnit.A | 1.0.0.1015
Quick Heal | W32.Ramnit.A | 4.14.12.00
Rising Antivirus | PE:Win32.Mgr.b!1594784 | 23.00.65.14416
Sophos | W32/Ramnit-A | 4.98
Total Defense | Win32/Ramnit.C | 37.0.10884
Trend Micro House Call | PE_RAMNIT.DEN | 7.2.108
Trend Micro | PE_RAMNIT.DEN | 10.465.18
Vba32 AntiVirus | Virus.Win32.Nimnul.b | 3.12.26.0
VIPRE Antivirus | Virus.Win32.Ramnit.b | 28344
ViRobot | Win32.Nimnul.A | 2011.4.7.4223

File size:
144 KB (147,463 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\findprocdll.dll

File PE Metadata
Compilation timestamp:
11/13/2009 7:31:54 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:cZNEo3HowNYkXEbcqVE74FEmM37GpbJvIAIuEJ+hER4:s5vdnmMq3vIAcIn

Entry address:
0xA000

Entry point:
60, E8, 00, 00, 00, 00, 5D, 8B, C5, 81, ED, DD, B9, 01, 20, 2B, 85, 44, C1, 01, 20, 89, 85, 40, C1, 01, 20, B0, 00, 86, 85, 75, C3, 01, 20, 3C, 01, 0F, 85, BC, 01, 00, 00, 83, BD, 70, C2, 01, 20, 00, 74, 33, 83, BD, 74, C2, 01, 20, 00, 74, 2A, 8B, 85, 40, C1, 01, 20, 2B, 85, 70, C2, 01, 20, 8B, 00, 89, 85, AD, C2, 01, 20, 8B, 85, 40, C1, 01, 20, 2B, 85, 74, C2, 01, 20, 8B, 00, 89, 85, B1, C2, 01, 20, EB, 61, 83, BD, 78, C2, 01, 20, 00, 74, 58, 8B, 85, 40, C1, 01, 20, 2B, 85, 78, C2, 01, 20, FF, 30, 8D, 85...

Entropy:
7.8036

Packer / compiler:
ASPack v1.08.04

Code size:
19.5 KB (19,968 bytes)

Powered by Reason Core Security