pwnboxerhk.dll

Microsoft Research Detours Package

Although the file properties state that the file was developed by 'Microsoft Corporation', this is not the case; it is designed to look like a legitimate Microsoft system file. The library pwnboxerhk.dll, whose description reads “Marks process modified by Detours technology.”, has been detected as malware by 7 anti-virus scanners.
Publisher:
Microsoft Corporation*  (Invalid match)

Product:
Microsoft Research Detours Package

Description:
Marks process modified by Detours technology.

Version:
Express Version 2.1 Build_216

MD5:
06061713cb05026c1cb95056e7bc38fc

SHA-1:
f75eed2d079b8e39976428823ec5e7c802883136

SHA-256:
0cd8e49d6d688bb552d4d3e9e52c5075aa3378543022644324a1b61701e45060

Scanner detections:
7 / 68

Status:
Malware

Analysis date:
5/14/2025 11:47:12 AM UTC

Scan engine          Detection               Engine version
Avira AntiVirus      TR/Kazy.49979           7.11.141.200
Comodo Security      UnclassifiedMalware     18068
IKARUS anti.virus    Trojan.Kazy             t3scan.1.6.1.0
McAfee               Artemis!06061713CB05    5600.7144
Norman               Suspicious_Gen4.UQWP    11.20140501
Qihoo 360 Security   Win32/Trojan.2b2        1.0.0.1015
Sophos               Mal/Generic-S           4.98

File size:
576.5 KB (590,336 bytes)

Product version:
Express Version 2.1 Build_216

Copyright:
Copyright (C) Microsoft Corporation. All rights reserved.

Original file name:
DETOURED.DLL

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

File PE Metadata
Compilation timestamp:
10/3/2011 10:38:09 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
1536:YUnhtEMvNmJZBd3PF187h7HK/r+fBg/CGBGC5Yqrf5fw+80NcQXCli1+cy:lnLEMFmJZBM0zf5fw+80NcQXClizy

Entry address:
0x57A2

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, E5, 2B, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, 6A, 0C, 68, D0, 43, 01, 10, E8, 1F, 03, 00, 00, 8B, 75, 08, 85, F6, 74, 75, 83, 3D, 2C, 7C, 01, 10, 03, 75, 43, 6A, 04, E8, 16, 2E, 00, 00, 59, 83, 65, FC, 00, 56, E8, 3E, 2E, 00, 00, 59, 89, 45, E4, 85, C0, 74, 09, 56, 50, E8, 5F, 2E, 00, 00, 59, 59, C7, 45, FC, FE, FF, FF, FF, E8, 0B, 00, 00, 00, 83, 7D, E4, 00, 75, 37, FF, 75, 08, EB, 0A, 6A, 04, E8, 02, 2D, 00, 00...
 

Entropy:
1.5077

Code size:
61 KB (62,464 bytes)
