ftpclient-old.dll

웹FTP

Simplex Internet, INC

The module ftpclient-old.dll (“Cafe24FtpCtl Module” by Simplex Internet, INC) has been detected as a potentially unwanted program by 9 anti-malware scanners. The file has been seen being downloaded from axmanager-001.cafe24.com.
Publisher:
심플렉스인터넷(주)  (signed by Simplex Internet, INC)

Product:
웹FTP

Description:
Cafe24FtpCtl Module

Version:
1, 0, 2, 30

MD5:
84fed4ca04e11611c7bb2a200dde0bf3

SHA-1:
bc4353922c4c26e235ecbf8f97e3fd63ba127813

SHA-256:
58eed15ee4ad1844b8e8f634ed9657a09f725028597a702033dba00aee73ea83

Scanner detections:
9 / 68

Status:
Potentially unwanted

Analysis date:
4/16/2024 10:57:06 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Adware.Symmi.31225 | 887 |
| Bitdefender | Gen:Variant.Adware.Symmi.31225 | 1.0.20.1220 |
| Bkav FE | W32.Clod48c.Trojan | 1.3.0.4613 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Symmi.31225 | 8.14.09.01.03 |
| F-Secure | Gen:Variant.Adware.Symmi.31225 | 11.2014-01-09_2 |
| G Data | Gen:Variant.Adware.Symmi.31225 | 14.9.22 |
| IKARUS anti.virus | Win32.SuspectCrc | t3scan.2.2.29 |
| MicroWorld eScan | Gen:Variant.Adware.Symmi.31225 | 15.0.0.732 |
| Trend Micro House Call | TROJ_GEN.F47V1114 | 7.2.244 |

File size:
710.1 KB (727,152 bytes)

Product version:
1, 0, 2, 30

Copyright:
심플렉스인터넷(주). All rights reserved.

Original file name:
Cafe24FtpCtl.DLL

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\ftpclient-old.dll

Digital Signature
Authority:
Thawte, Inc.

Valid from:
5/18/2012 9:00:00 AM

Valid to:
5/19/2014 8:59:59 AM

Subject:
CN="Simplex Internet, INC", O="Simplex Internet, INC", L=Dongjak-gu, S=SEOUL, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
52FDE25B2D227CA5C9978FBF65B309BE

File PE Metadata
Compilation timestamp:
1/15/2009 9:54:46 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
12288:Ixc8lQhJxRTds0xieYAvPOBpT4smDn9vnNpe:Iq8lQhJxRBYAvWBpTE9vO

Entry address:
0x4B0D3

Entry point:
83, 7C, 24, 08, 01, 75, 05, E8, 36, 8C, 00, 00, FF, 74, 24, 04, 8B, 4C, 24, 10, 8B, 54, 24, 0C, E8, ED, FE, FF, FF, 59, C2, 0C, 00, 83, 3D, 08, DE, 06, 10, 00, 74, 15, 68, 08, DE, 06, 10, E8, CB, 46, 00, 00, 85, C0, 59, 74, 06, FF, 15, 08, DE, 06, 10, E8, A3, 2D, 00, 00, 85, C0, 74, 07, 50, E8, 55, 2F, 00, 00, 59, FF, 74, 24, 04, FF, 15, DC, 71, 06, 10, CC, 6A, 0C, 68, 98, 0A, 08, 10, E8, EB, D8, FF, FF, E8, FF, 2D, 00, 00, 83, 65, FC, 00, FF, 70, 58, FF, 50, 54, 50, E8, A6, FF, FF, FF, 8B, 45, EC, 8B, 08...
 

Entropy:
6.3537

Code size:
408 KB (417,792 bytes)

The file ftpclient-old.dll has been seen being distributed by the following URL.
