madCHook.dll

madCHook

www.madshi.net

The library madCHook.dll, “api hooking for 9x/nt”, has been detected as malware by 9 anti-virus scanners.
Publisher:
www.madshi.net

Product:
madCHook

Description:
api hooking for 9x/nt

Version:
2.1.3.0

MD5:
15f2544a347d3cdacd50241ae0293974

SHA-1:
a2ac09e3489fe1c7ddd0e0c0680f30ba54c41b9a

SHA-256:
ac26d7de07cedacb325066e7b25712b8d3a08e6bb5f070bbd946abecc92593f2

Scanner detections:
9 / 68

Status:
Malware

Analysis date:
5/12/2025 1:15:06 PM UTC

Scan engine          Detection                     Engine version
Avira AntiVirus      TR/Agent.109568.BB            7.11.56.52
Comodo Security      UnclassifiedMalware           14891
F-Prot               W32/Madtol.H@troj             v6.4.6.5.141
IKARUS anti.virus    Trojan.Agent                  t3scan.1.3.5.0
K7 AntiVirus         Riskware                      13.158.8102
Norman               W32/Suspicious_Gen2.PDCPN     11.20140203
nProtect             Trojan/W32.Agent.109568.BI    13.01.12.01
Sophos               MadCodeHook                   4.84
VIPRE Antivirus      Trojan.Win32.Generic          15002

File size:
107 KB (109,568 bytes)

Product version:
2.1.3.0

Copyright:
© www.madshi.net, all rights reserved

Original file name:
madCHook.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\common files\shetab\ketabsaz\engine\2.0\madchook.dll

File PE Metadata
Compilation timestamp:
6/20/1992 2:52:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
3072:TjuaZUmj4Zk2vWVOb3UnWZMZkvMrPtACJa+b1J:TyaGmjweVi2Ja+h

Entry address:
0x1810C

Entry point:
55, 8B, EC, 83, C4, C4, 53, B8, A4, 80, 41, 44, E8, 53, C4, FE, FF, A1, 58, A6, 41, 44, E8, A5, DB, FE, FF, 8B, D8, 85, DB, 74, 21, A1, 58, A6, 41, 44, 03, 43, 28, 3D, 78, 80, 41, 44, 76, 12, E8, 37, FF, FF, FF, 8B, 15, 58, A6, 41, 44, 03, 53, 28, 3B, C2, 77, 04, 33, C0, EB, 02, B0, 01, 8B, 15, B4, 9D, 41, 44, 88, 02, 5B, E8, 8E, B2, FE, FF, 8B, C0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
6.5878

Developed / compiled with:
Microsoft Visual C++

Code size:
92.5 KB (94,720 bytes)
