idnreg.DLL

idnreg Module

China Internet Network Information Center

The module idnreg.DLL by China Internet Network Information Center has been detected as a potentially unwanted program by 14 anti-malware scanners.
Publisher:
中国互联网络信息中心(CNNIC)  (signed by China Internet Network Information Center)

Product:
idnreg Module

Version:
2, 6, 0, 0

MD5:
78b3e2b718f5e183f4cf461fcf4b2771

SHA-1:
58a3c04dcb77a35baf20bf09b076f7394ba57836

SHA-256:
2dea4722eef7da291c61a58636d8a8695e3f17af3e0d1d60ddbd4e9122452b6f

Scanner detections:
14 / 68

Status:
Potentially unwanted

Analysis date:
5/3/2024 9:20:09 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AhnLab V3 Security | Win-Adware/Cnnic.32768 | 2016.06.14 |
| Avira AntiVirus | ADSPY/Inreg | 8.3.3.4 |
| Bkav FE | W32.BDSearchF.Trojan | 1.3.0.8085 |
| Comodo Security | UnclassifiedMalware | 25244 |
| F-Prot | W32/Cdn.B | v6.4.7.1.166 |
| F-Secure | Adware:W32/CDN | 11.2016-26-07_3 |
| G Data | Win32.Trojan.Agent.C1H37X | 16.7.25 |
| IKARUS anti.virus | Virus.Win32.AdWare | t3scan.2.0.9.0 |
| McAfee | Adware-BDSearch | 5600.6326 |
| Microsoft Security Essentials | BrowserModifier:Win32/CNNIC | 1.1.12805.0 |
| Panda Antivirus | Generic Malware | 16.07.26.05 |
| Sophos | CNav (PUA) | 4.98 |
| VIPRE Antivirus | Virus.Win32.AdWare | 50106 |
| ViRobot | Adware.Cinnic.36224[h] | 2014.3.20.0 |

File size:
35.4 KB (36,224 bytes)

Product version:
2, 6, 0, 0

Copyright:
Copyright CNNIC 2006 - 2007

Original file name:
idnreg.DLL

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\idnreg.dll

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
9/27/2007 8:00:00 AM

Valid to:
10/12/2008 7:59:59 AM

Subject:
CN=China Internet Network Information Center, OU=Technique Department, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=China Internet Network Information Center, L=Beijing, S=Beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
761D3A4FD32582CEE746EBEE9286C959

File PE Metadata
Compilation timestamp:
3/29/2007 3:49:18 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
384:+ZEgFRtbFkDRp/MjZlUoGbr2HSZyy4Ho3yxx7q7ParKpOBxbJy:+7qRp0jZlUoG2HoyK6hI29b

Entry address:
0x3415

Entry point:
FF, 74, 24, 0C, FF, 74, 24, 0C, FF, 74, 24, 0C, E8, 4C, DC, FF, FF, C2, 0C, 00, FF, 15, 78, 40, 00, 10, 33, C0, C3, A1, A0, 52, 00, 10, 56, 85, C0, 75, 13, FF, 74, 24, 08, 50, FF, 35, 40, 52, 00, 10, FF, 15, 88, 40, 00, 10, 5E, C3, 8B, 0D, A4, 52, 00, 10, 8B, 15, 9C, 52, 00, 10, FF, 05, A4, 52, 00, 10, 23, D1, 8B, 34, 90, 8B, 44, 24, 08, 83, C0, 08, 50, 6A, 00, 56, FF, 15, 88, 40, 00, 10, 85, C0, 74, 07, 89, 30, 83, C0, 08, 5E, C3, 33, C0, 5E, C3, 8B, 44, 24, 04, 33, C9, 3B, C1, 75, 0B, FF, 74, 24, 08, E8...

Entropy:
4.4951

Code size:
12 KB (12,288 bytes)
