» kdfapi2.dll
Overview
Analysis
File Details

kdfapi2.dll

LocalSSL kdfapi2 Library

BlueGem Security

File name:

kdfapi2.dll

Publisher:

BlueGem Security (signed and verified)

Product:

LocalSSL kdfapi2 Library

Description:

kdfapi2 27113010 R5 for TrendMicro

Version:

5, 1, 1, 9

MD5:

74736b2a85f9b6ee97bf35bc68df72c9

SHA-1:

1ffd213c41cc20a18b2261623e4796ecb26b7d4e

SHA-256:

5d2611e0204ccacf69f3dc39334fba04f01ed57477a8ed73559d644683bb1e22

Scanner detections:

2 / 68

Status:

Clean (2 probable false positive detections)

Explanation:

These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:

4/25/2024 4:36:46 AM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

Packed/Execryptor

7.1.1

Quick Heal

(Suspicious) - DNAScan

8.14.14.00

File size:

549.5 KB (562,656 bytes)

Product version:

2007, 11, 30, 10

Original file name:

kdfapi2.dll

File type:

Dynamic link library (Win32 DLL)

Language:

Korean (Korea)

Common path:

C:\Program Files\trend micro\trendsecure\tisprotoolbar\package\kdfapi2.dll

Digital Signature

Signed by:

BlueGem Security

Authority:

Thawte Consulting (Pty) Ltd.

Valid from:

11/18/2007 6:00:00 PM

Valid to:

1/28/2009 5:59:59 PM

Subject:

CN=BlueGem Security, OU=SALES, O=BlueGem Security, L=Denver, S=Colorado, C=US

Issuer:

CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:

637F4C87982A4915823487F13CE28604

File PE Metadata

Compilation timestamp:

12/3/2008 5:39:42 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

12288:NsXkH//EDXcAMrOHsuUOoSl75tzRYGdbUU2tF4b0jf6AvbAyhT9:NsNXBHsulLl75t9NIF4or6cHp

Entry address:

0x4629

Entry point:

55, 8B, EC, 53, 8B, 5D, 08, 56, 8B, 75, 0C, 57, 8B, 7D, 10, 85, F6, 75, 09, 83, 3D, 98, 12, 01, 10, 00, EB, 26, 83, FE, 01, 74, 05, 83, FE, 02, 75, 22, A1, A8, 29, 01, 10, 85, C0, 74, 09, 57, 56, 53, FF, D0, 85, C0, 74, 0C, 57, 56, 53, E8, E7, FE, FF, FF, 85, C0, 75, 04, 33, C0, EB, 4E, 57, 56, 53, E8, 17, E2, FF, FF, 83, FE, 01, 89, 45, 0C, 75, 0C, 85, C0, 75, 37, 57, 50, 53, E8, C3, FE, FF, FF, 85, F6, 74, 05, 83, FE, 03, 75, 26, 57, 56, 53, E8, B2, FE, FF, FF, 85, C0, 75, 03, 21, 45, 0C, 83, 7D, 0C, 00... 
[+]

Entropy:

7.3873

Developed / compiled with:

Microsoft Visual C++

Code size:

44 KB (45,056 bytes)

Scan kdfapi2.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.