iuznffnsdlo.exe

Windows Application Verifier Automation DLL

Supersoft

Although the file properties state that the file was developed by 'Microsoft Corporation', this is not the case; it is designed to look like a legitimate Microsoft system file. The application iuznffnsdlo.exe, “Windows Application Verifier Automation DLL” by Supersoft, has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is set to start automatically when a user logs into Windows via the current user Run registry key, under the display name ‘Dynamic Software Inc’.
Publisher:
Microsoft Corporation  (signed by Supersoft)

Product:
Microsoft® Windows® Operating System

Description:
Windows Application Verifier Automation DLL

Version:
6.3.9600.16384

MD5:
5a037f6495c2d8acaf7d6458d51401a8

SHA-1:
a76e9a1d345e8aa774de378162219421b86ba8c9

SHA-256:
d7d36a826f15ab356ef59cad7cc3f7daac1436fb88c46277e88879340add0e07

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
4/20/2024 12:21:49 AM UTC

Scan engine
Detection
Engine version

Reason Heuristics
PUP (M)
16.10.25.11

File size:
216.2 KB (221,416 bytes)

Product version:
6.3.9600.16384

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
vrfauto.dll

File type:
Executable application (Win32 EXE)

Common path:
C:\ProgramData\dynasoft\iuznffnsdlo.exe

Digital Signature
Signed by:

Authority:
Supersoft

Valid from:
9/30/2012 1:56:38 PM

Valid to:
1/1/2040 5:29:59 AM

Subject:
CN=Supersoft

Issuer:
CN=Supersoft

Serial number:
6B50254A40C7CFB14A405056B8F04272

File PE Metadata
Compilation timestamp:
4/20/2014 2:24:06 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
6144:ViGiErHty8VUEQjOnmJqPbqiSGveciVkmvnQdQqaL:oGiEtUEQan9qhoe7kmvnQdQJ

Entry address:
0x1000

Entry point:
33, C0, C3, 55, 8B, EC, 83, EC, 14, 53, 57, 8B, 7D, 0C, 33, DB, 85, FF, 0F, 84, D6, 00, 00, 00, 8B, 45, 10, 8B, D7, 56, 8B, 75, 08, 03, C6, 89, 45, EC, 89, 55, F0, 3B, F0, 0F, 83, BA, 00, 00, 00, 89, 5D, F4, 8B, D3, 3B, F0, 73, 4B, 8A, CB, 84, C9, 75, 36, 8A, 0E, 46, 8D, 41, D5, 3C, 4F, 77, 0B, 0F, BE, C1, 8A, 88, E5, 1F, 40, 00, EB, 02, 8A, CB, 84, C9, 74, 10, 8D, 41, C3, 33, FF, 80, F9, 24, 0F, B6, C0, 0F, 44, C7, 8A, C8, 8B, 45, EC, 3B, F0, 72, CA, 84, C9, 74, 09, FF, 45, F4, FE, C9, 88, 4C, 15, F8, 42...

Entropy:
6.0529

Code size:
2 KB (2,048 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Dynamic Software Inc

Command:
"C:\ProgramData\dynasoft\iuznffnsdlo.exe"

