msi.dll

Korea Network Technology Co., Ltd

The module msi.dll by Korea Network Technology Co. has been detected as a potentially unwanted program by 10 anti-malware scanners.
Publisher:
Korea Network Technology Co., Ltd  (signed and verified)

MD5:
3816ef010b554c86e46b71b39a22b759

SHA-1:
fd224e94d22fda35086bc14a3f6a88d40fc071b1

SHA-256:
e390d3cc5a866cf0e5423e5f87573d178cf37f63718e3514884b311e04c4a331

Scanner detections:
10 / 68

Status:
Potentially unwanted

Analysis date:
4/25/2024 11:48:15 AM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Trojan.Heur.PT.ey5@a83Ondp | 807 |
| Bitdefender | Gen:Trojan.Heur.PT.ey5@a83Ondp | 1.0.20.1615 |
| Comodo Security | TrojWare.Win32.Trojan.XPACK.Gen | 20127 |
| Emsisoft Anti-Malware | Gen:Trojan.Heur.PT.ey5@a83Ondp | 8.14.11.19.01 |
| F-Secure | Gen:Trojan.Heur.PT.ey5@a83Ondp | 11.2014-19-11_4 |
| G Data | Gen:Trojan.Heur.PT.ey5@a83Ondp | 14.11.24 |
| IKARUS anti.virus | Trojan.SuspectCRC | t3scan.1.8.3.0 |
| MicroWorld eScan | Gen:Trojan.Heur.PT.ey5@a83Ondp | 15.0.0.969 |
| Reason Heuristics | PUP.KoreaNetworkTechnologyCo.D | 14.11.21.23 |
| Trend Micro House Call | TROJ_GEN.R047H09KI14 | 7.2.323 |

File size:
66.9 KB (68,520 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\ProgramData\emproxy\msi.dll

Digital Signature
Authority:
Thawte, Inc.

Valid from:
10/3/2013 9:00:00 AM

Valid to:
12/3/2014 8:59:59 AM

Subject:
CN="Korea Network Technology Co., Ltd", O="Korea Network Technology Co., Ltd", L=Seongnam-si, S=Gyeonggi-do, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
2AB67B7C76D88A5693C0C48E34DA770B

File PE Metadata
Compilation timestamp:
6/9/2014 5:00:27 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
1536:gbdjiXxC3pbJh/2LCttM3WdWP9PHndXzgNbwW93VW99eU0e+8l:gZW03pbP/htteY2B9DgpwW9Fzil

Entry address:
0x133EC

Entry point:
0F, 85, 1F, 00, 00, 00, 68, 50, D5, 59, 52, 60, 54, 60, 9C, C7, 44, 24, 44, D8, 37, BF, D2, C6, 44, 24, 0C, D5, 8D, 64, 24, 44, E9, 36, 20, 00, 00, E8, AF, 0C, 00, 00, 66, 0F, B6, F3, 29, D9, 66, F7, DE, E9, 0A, BA, FF, FF, 60, 9C, E8, BF, DA, FF, FF, 8B, 4D, F8, 66, 81, F6, 1F, 15, 66, 0F, BA, F6, 07, 66, 0F, AD, D7, 66, 09, F6, 03, 4D, FC, F8, 66, 11, EE, D1, E9, 66, 0F, CE, 66, 19, CE, 8B, 3C, 8B, 01, F6, 01, C7, 60, F7, D6, 8B, 75, 0C, 8D, 64, 24, 24, E9, 5B, EA, FF, FF, 60, 60, C7, 44, 24, 3C, F1, EE...
 

Entropy:
7.7066  (probably packed)

Code size:
512 bytes
