hts.dll

Internet Explorer

Although the file properties claim the file was developed by 'Microsoft Corporation', this is not the case; the file is designed to look like a legitimate Microsoft system file. The library hts.dll, “Internet Explorer ImpExp FF exporter”, has been detected as malware by 34 anti-virus scanners. According to AVG, this software downloads additional adware offers during setup.
Publisher:
Microsoft Corporation*  (Invalid match)

Product:
Internet Explorer

Description:
Internet Explorer ImpExp FF exporter

Version:
11.00.9600.16428 (winblue_gdr.131013-1700)

MD5:
df3f6311d8d32c678c2c725598dca63e

SHA-1:
3828b70d9601c2704c7b96451f16e49be2df783a

SHA-256:
881f5b34ff1b8f38d153e85c3d7ec8c1370505e1c074fb954cafd5ba118b9875

Scanner detections:
34 / 68

Status:
Malware

Analysis date:
4/26/2024 6:58:05 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Kazy.410609 | 856
AhnLab V3 Security | Dropper/Win32.Necurs | 2014.07.18
Avira AntiVirus | TR/Crypt.ZPACK.65731 | 7.11.162.112
avast! | Win32:Crypt-REC [Trj] | 2014.9-141002
AVG | Downloader.Generic13 | 2015.0.3334
Baidu Antivirus | Trojan.Win32.Necurs | 4.0.3.14102
Bitdefender | Gen:Variant.Kazy.410609 | 1.0.20.1375
Bkav FE | HW32.CDB | 1.3.0.4959
Comodo Security | UnclassifiedMalware | 18880
Dr.Web | Trojan.Click3.8802 | 9.0.1.0275
Emsisoft Anti-Malware | Gen:Variant.Kazy.410609 | 8.14.10.02.08
ESET NOD32 | Win32/TrojanDownloader.Necurs | 8.10114
Fortinet FortiGate | W32/Necurs.VSW!tr | 10/2/2014
F-Prot | W32/FakeMS.AC.gen | v6.4.7.1.166
F-Secure | Gen:Variant.Kazy.410912 | 11.2014-02-10_5
G Data | Gen:Variant.Kazy.410609 | 14.10.24
IKARUS anti.virus | Trojan-Dropper.Win32.Necurs | t3scan.1.6.1.0
K7 AntiVirus | Trojan-Downloader | 13.180.12763
Kaspersky | Trojan-Dropper.Win32.Necurs | 14.0.0.3163
Malwarebytes | Trojan.FakeMS.ED | v2014.10.02.08
McAfee | RDN/Generic Dropper!uu | 5600.6990
Microsoft Security Essentials | Trojan:Win32/Necurs | 1.10802
MicroWorld eScan | Gen:Variant.Kazy.410609 | 15.0.0.825
NANO AntiVirus | Trojan.Win32.Necurs.dcegzg | 0.28.2.60881
Norman | Suspicious_Gen4.GTCJU | 11.20141002
Panda Antivirus | Trj/CI.A | 14.10.02.08
Qihoo 360 Security | Win32/Trojan.Multi.daf | 1.0.0.1015
Quick Heal | TrojanDropper.Necurs.r6 | 10.14.14.00
Rising Antivirus | PE:Malware.XPACK-HIE/Heur!1.9C48 | 23.00.65.14930
Sophos | Mal/Generic-S | 4.98
Trend Micro House Call | TROJ_GEN.R0CBC0DGC14 | 7.2.275
Trend Micro | TROJ_GEN.R0CBC0DGC14 | 10.465.02
VIPRE Antivirus | Trojan.Win32.Generic | 31358
ViRobot | Trojan.Win32.Necurs.101376.A | 2011.4.7.4223

File size:
99 KB (101,376 bytes)

Product version:
11.00.9600.16428

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
extexport.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\hts.dll

File PE Metadata
Compilation timestamp:
7/11/2014 7:47:56 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.10

CTPH (ssdeep):
3072:1wAday6LBhe7mfvQaOmHg4VPQAl98R6+rDhWKx6:Yy6fFvQaOmHl9blWpT

Entry address:
0x6ADD

Entry point:
E8, 90, 7E, 00, 00, E9, 0D, E4, FF, FF, BC, BC, BC, BC, BC, BC, BC, BC, BC, BC, F2, 30, 58, 5D, 1C, D6, E0, 52, 1F, B0, EF, 06, 04, 42, 50, FB, F4, 60, 5D, 84, 11, 8C, C2, 4E, 8B, 10, 20, 2D, 2E, 01, FB, 01, 43, 00, FA, 78, 11, 01, 09, 01, F6, 47, 00, FF, C4, 08, D0, 00, 40, 6D, 02, CE, 39, 08, C0, A6, E9, 0F, 76, 1C, E8, 72, 1B, 10, A0, 00, 50, 50, 17, 50, D0, 60, 0D, 06, B3, 02, 45, 34, 04, 75, AF, 54, 68, 40, F4, C6, 2B, 00, 1F, A4, 30, 50, F2, 81, 00, 06, 90, 0A, 00, 0F, 6A, 00, 80, 04, E8, A3, 1A, 05...
 

Entropy:
6.8206

Code size:
60 KB (61,440 bytes)
