gnu.dll

Internet Explorer

Although the file properties claim the file was developed by 'Microsoft Corporation', this is not the case: it is designed to look like a legitimate Microsoft system file. The library gnu.dll ("Internet Explorer ImpExp FF exporter") has been detected as malware by 34 anti-virus scanners. According to AVG, this software downloads additional adware offers during setup.
Publisher:
Microsoft Corporation*  (Invalid match)

Product:
Internet Explorer

Description:
Internet Explorer ImpExp FF exporter

Version:
11.00.9600.16428 (winblue_gdr.131013-1700)

MD5:
cbc1dbf5062331bbe50576936ad53c3e

SHA-1:
4428f23c63b8de8f9976a65a59dd4047b0e17111

SHA-256:
e41e3704a26daa39e3fd37d228383f6b7f8242f6f2823085e11dee10d64327b8

Scanner detections:
34 / 68

Status:
Malware

Analysis date:
4/25/2024 3:45:56 PM UTC

Scan engine | Detection | Engine version
--- | --- | ---
Lavasoft Ad-Aware | Trojan.GenericKD.1756450 | 918
AhnLab V3 Security | Dropper/Win32.Necurs | 2014.07.20
Avira AntiVirus | TR/Crypt.EPACK.21216 | 7.11.163.2
avast! | Win32:GenMalicious-DE [Trj] | 2014.9-140731
AVG | Downloader.Generic13 | 2015.0.3396
Baidu Antivirus | Trojan.Win32.Necurs | 4.0.3.14731
Bitdefender | Trojan.GenericKD.1756450 | 1.0.20.1060
Bkav FE | HW32.CDB | 1.3.0.4959
Comodo Security | UnclassifiedMalware | 18908
Dr.Web | Trojan.Click3.8887 | 9.0.1.0212
Emsisoft Anti-Malware | Trojan.GenericKD.1756450 | 8.14.07.31.02
ESET NOD32 | Win32/TrojanDownloader.Necurs | 8.10123
Fortinet FortiGate | W32/Necurs.VTO!tr | 7/31/2014
F-Prot | W32/FakeMS.AC.gen | v6.4.7.1.166
F-Secure | Trojan.GenericKD.1756450 | 11.2014-31-07_5
G Data | Trojan.GenericKD.1756450 | 14.7.24
IKARUS anti.virus | Trojan-Dropper.Win32.Necurs | t3scan.1.6.1.0
K7 AntiVirus | Trojan-Downloader | 13.181.12775
Kaspersky | Trojan-Dropper.Win32.Necurs | 14.0.0.3477
Malwarebytes | Trojan.FakeMS.ED | v2014.07.31.02
McAfee | Artemis!CBC1DBF50623 | 5600.7052
Microsoft Security Essentials | Trojan:Win32/Necurs | 1.10802
MicroWorld eScan | Trojan.GenericKD.1756450 | 15.0.0.636
NANO AntiVirus | Trojan.Win32.Necurs.dcgnrh | 0.28.2.60881
Norman | Troj_Generic.UYCZN | 11.20140731
Panda Antivirus | Trj/CI.A | 14.07.31.02
Qihoo 360 Security | HEUR/Malware.QVM20.Gen | 1.0.0.1015
Quick Heal | TrojanDropper.Necurs.r4 | 7.14.14.00
Rising Antivirus | PE:Trojan.Win32.Generic.16FB0ED1!385552081 | 23.00.65.14729
Sophos | Mal/Generic-S | 4.98
Trend Micro House Call | TROJ_GEN.R0CBH01GE14 | 7.2.212
Vba32 AntiVirus | TrojanDropper.Necurs | 3.12.26.3
VIPRE Antivirus | Trojan.Win32.Generic | 31422
ViRobot | Trojan.Win32.Necurs.98816 | 2011.4.7.4223

File size:
96.5 KB (98,816 bytes)

Product version:
11.00.9600.16428

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
extexport.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\gnu.dll

File PE Metadata
Compilation timestamp:
7/12/2014 2:53:37 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.10

CTPH (ssdeep):
3072:i6pvllJVVDM5OBFfaeZK+RyiXMI/Zc5Fwx:BBB5ZKgMI/

Entry address:
0x5D67

Entry point:
E8, 18, 6E, 00, 00, E9, 93, E9, FF, FF, BC, BC, BC, BC, BC, BC, BC, BC, BC, BC, 42, 10, D8, 20, 27, 75, 74, 89, 00, 30, 68, 50, 1F, 3B, 88, C0, 30, 65, 0D, 10, 00, 12, 80, 13, FC, 2F, 03, 10, 05, 00, 01, F4, C7, 51, 03, 0F, 4B, 02, 02, 52, 08, 00, 22, 80, C7, 8D, B7, C8, 5D, BE, E8, 21, 36, 3A, 04, 22, 6A, 1D, 32, 61, 6A, E8, E0, 20, 50, 15, 23, 23, 0E, 06, C3, 15, 8A, 00, 6A, 22, C0, 01, 6A, 18, B8, 00, 50, 3B, 55, 60, F4, 8D, 21, 52, 4C, EB, 36, 00, 08, CA, 20, 05, 4B, A4, 27, 8D, 44, D2, D0, 80, 8B, FC...
 

Entropy:
7.0605

Code size:
54.5 KB (55,808 bytes)
