m2bob_dll.dll

Windows NT BASE API Client DLL

Ymir Entertainment Co., Ltd

While the file's version information claims it was developed by 'Microsoft Corporation', this is not the case: the file is designed to look like a legitimate Microsoft system file. The library m2bob_dll.dll, "Windows NT BASE API Client DLL", has been detected as malware by 15 anti-virus scanners.
Publisher: Microsoft Corporation (signed by Ymir Entertainment Co., Ltd)

Product: Microsoft® Windows® Operating System

Description: Windows NT BASE API Client DLL

Version: 6.3.9600.16384

MD5: 5b4a2a8f957aa26355c9b90ec61f8a41

SHA-1: 1fedd087fc523511f0573b181dda930300f9618a

SHA-256: 376644825c828082d707d5d28f723f176759604acf44778533337b3ac37e2d5f

Scanner detections: 15 / 68

Status: Malware

Analysis date: 4/20/2024 5:32:20 AM UTC

Scan engine             Detection                  Engine version
Lavasoft Ad-Aware       Trojan.Generic.11441506    850
Agnitum Outpost         Trojan.FKM                 7.1.1
Bitdefender             Trojan.Generic.11441506    1.0.20.1405
Emsisoft Anti-Malware   Trojan.Generic.11441506    8.14.10.08.10
F-Prot                  W32/Patched.P.gen          v6.4.7.1.166
F-Secure                Trojan.Generic.11441506    11.2014-08-10_4
G Data                  Trojan.Generic.11441506    14.10.24
MicroWorld eScan        Trojan.Generic.11441506    15.0.0.843
Trend Micro House Call  Suspicious_GEN.F47V0627    7.2.281
VIPRE Antivirus         Trojan.Win32.Generic       30964

File size: 2.6 MB (2,697,736 bytes)

Product version: 6.3.9600.16384

Copyright: © Microsoft Corporation. All rights reserved.

Original file name: kernel32

File type: Dynamic link library (Win32 DLL)

Language: English (United States)

Common path: C:\users\{user}\downloads\m2bob - version 3.6.2\m2bob_dll.dll

Digital Signature

Authority: Thawte, Inc.

Valid from: 6/6/2012 3:00:00 AM

Valid to: 8/6/2014 2:59:59 AM

Subject: CN="Ymir Entertainment Co., Ltd", O="Ymir Entertainment Co., Ltd", L=GyangNam-Gu, S=Seoul, C=KR

Issuer: CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number: 40DB0889DC1AE4DCB8A753D60220CAB8

File PE Metadata

Compilation timestamp: 6/25/2014 9:52:33 AM

OS version: 4.0

OS bitness: Win32

Subsystem: Windows Console

Linker version: 5.0

CTPH (ssdeep): 49152:0O1w5dm9+Q5pDJs4KE14nuzifXp6gyN1Kct/JcHgNcxAmuz8clC57N:0Oo5QVsPnuW56tbxyqmuAcc57N

Entry address: 0xA42000

Entry point: 83, EC, 04, 50, 53, E8, 01, 00, 00, 00, CC, 58, 89, C3, 40, 2D, 00, D0, 0E, 00, 2D, 1C, 8A, 09, 10, 05, 11, 8A, 09, 10, 80, 3B, CC, 75, 19, C6, 03, 00, BB, 00, 10, 00, 00, 68, A3, 0B, 26, 5B, 68, 85, F6, C4, 34, 53, 50, E8, 0A, 00, 00, 00, 83, C0, 00, 89, 44, 24, 08, 5B, 58, C3, 55, 89, E5, 50, 53, 51, 56, 8B, 75, 08, 8B, 4D, 0C, C1, E9, 02, 8B, 45, 10, 8B, 5D, 14, 85, C9, 74, 0A, 31, 06, 01, 1E, 83, C6, 04, 49, EB, F2, 5E, 59, 5B, 58, C9, C2, 10, 00, 3A, DC, A8, 16, DB, 27, 97, E6, 45, BD, 82, 80, 58, E1...

Code size: 3.7 MB (3,911,680 bytes)

Remove m2bob_dll.dll - Powered by Reason Core Security