it.dll

Shanda Computer (Shanghai) Co., Ltd.

Publisher:
Shanda Computer (Shanghai) Co., Ltd.  (signed and verified)

MD5:
c9c3678bafc68e287c729aba6b0fd664

SHA-1:
a5a467196811f3461caabe9ca7d0a6cc1dfd5887

SHA-256:
87768294100ac65a5685b62cd231ccf6bff632e3d3f4a53dcdc745465fe0bdea

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous); the file is probably malware-free.

Analysis date:
4/24/2024 7:50:47 AM UTC

Scan engine | Detection | Engine version
NANO AntiVirus | Trojan.Win32.Suspicious.bdbaoc | 0.26.0.55532
SUPERAntiSpyware | Trojan.Agent/Gen-Obfuscator | 9716

File size:
245.4 KB (251,240 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\level up games\crazy kart\gpk\it.dll

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
7/12/2009 5:00:00 PM

Valid to:
7/13/2010 4:59:59 PM

Subject:
CN="Shanda Computer (Shanghai) Co., Ltd.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Shanda Computer (Shanghai) Co., Ltd.", L=Shanghai, S=Shanghai, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
41DD9EE091EDB18FB5F2666307492AB4

File PE Metadata
Compilation timestamp:
10/19/2009 7:31:43 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
6144:3Hf1q7JxV5VZJyr0gGEr6QJt9J9Kk/FCgNpgpThl3VJGY:XczVLLg3GmNJtn9bpwTLVJGY

Entry address:
0x92E52

Entry point:
68, A9, 8B, 0F, CD, E8, 0E, 33, 00, 00, 18, E3, F6, DF, 80, C7, 15, E8, 03, 5C, FE, FF, 8C, 4A, 09, 00, 8B, 49, 09, 00, F7, 4D, 09, 00, 2D, 29, 09, 00, 91, 4E, 09, 00, D0, F0, 05, 00, 65, 2D, 07, 00, B8, 2F, 09, 00, F1, 2D, 07, 00, 72, 88, 07, 00, 13, 2D, 07, 00, D9, 2C, 07, 00, 05, 2D, 07, 00, 96, 2B, 09, 00, C0, 2C, 09, 00, 99, 2C, 09, 00, AA, E2, 05, 00, 80, 4A, 09, 00, AA, 49, 09, 00, BB, EE, 05, 00, F7, EF, 05, 00, 76, 26, 09, 00, 02, 29, 09, 00, CC, 89, 07, 00, FB, F1, 05, 00, 85, 2B, 09, 00, B7, 27...
Entropy:
7.8185  (probably packed)

Code size:
184 KB (188,416 bytes)