libntkrnldmp.dll

Updates LTD

The module libntkrnldmp.dll by Updates has been detected as adware by 7 anti-malware scanners.
Publisher:
Updates LTD  (signed and verified)

MD5:
d5cf615e9d5bd05717ff32538f121e00

SHA-1:
8292693eb98a4562b8351d138765d63b1771bfc6

SHA-256:
1a3a261a31244327b512306033a067ed0679952914e3f66bf2b68187a9d10958

Scanner detections:
7 / 68

Status:
Adware

Analysis date:
4/19/2024 1:04:43 AM UTC

Scan engine              Detection                 Engine version
Agnitum Outpost          Packed/PECompact          7.1.1
Avira AntiVirus          Adware/NoFB.C             7.11.124.134
avast!                   Win32:Febipos-A [Trj]     2014.9-140509
IKARUS anti.virus        Win32.Febipos             t3scan.2.2.29
Reason Heuristics        PUP.Updates.M             14.5.18.10
Sophos                   Updates Ltd Adware        4.96
Trend Micro House Call   TROJ_GEN.R0CCH0AJO13      7.2.129

File size:
443.9 KB (454,568 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\windows service\libntkrnldmp.dll

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
12/6/2012 2:00:00 AM

Valid to:
12/7/2013 1:59:59 AM

Subject:
CN=Updates LTD, O=Updates LTD, STREET=Alameda Professor Lucas Nogueira Garcez 2647, L=Atibaia, S=Sao Paulo, PostalCode=12947-000, C=BR

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00FD2CF3FBE5A510B83F16BEBC4554C718

File PE Metadata
Compilation timestamp:
1/23/2012 12:52:29 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
2.21

CTPH (ssdeep):
12288:Z1pJSQAeCCXMZmyb3puGoLk4VneA5OBIZfpsyWeFuQ3sUZ:rTAeCDTb5uGkk4UA5OBIFXHrce

Entry address:
0x10C0

Entry point:
B8, 64, 24, 4A, 70, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, CC, 98, 61, D8, 1B, AB, 5B, 3F, 8F, 80, D9, 7B, AF, CE, 23, 64, 5F, 06, B7, CD, 95, B2, 6F, C4, 45, 13, 37, F6, 6B, 71, 3E, 77, 53, 8A, 68, 9A, 65, FA, FD, 04, 93, D8, C8, 07, 9A, 81, F1, B1, 92, 82, C0, 58, BE, 8E, 1C, 77, D4, 68, FE, 32, 7B, C1, C9, 58, 2D, C4, 08, 0C, 20, 06, 23, 94, 35, 9F, 06, A6, 89, 57, D2, 9A, 98, 8E, 9B, F1, 3F, E1, 04, 99, D9, D2, 8A, FD, 27...
 

Entropy:
7.9969

Packer / compiler:
PECompact v2

Code size:
1.1 MB (1,119,232 bytes)
