regedt32o.dll

The library regedt32o.dll has been detected as malware by 12 anti-virus scanners. It runs as a scheduled task named LHWLGM under the Windows Task Scheduler, triggered to run automatically when the computer boots.
MD5:
d0e16f25cb4450230dc265bdfebeea97

SHA-1:
23fda782a33f35f59de15ebebbaa5df01c251cbc

SHA-256:
0b6acfff2b03dd8c7a2c9a1c143787a704933df3929e8061338657be63d2b38a

Scanner detections:
12 / 68

Status:
Malware

Analysis date:
4/16/2024 2:54:18 PM UTC

Scan engine            Detection                  Engine version
Lavasoft Ad-Aware      Gen:Variant.Kazy.720301    5696344
Arcabit                Trojan.Kazy.DAFDAD         1.0.0.624
AVG                    Crypt5                     2016.0.2913
Bitdefender            Gen:Variant.Kazy.720301    1.0.20.1655
Emsisoft Anti-Malware  Gen:Variant.Kazy.720301    10.0.0.5366
ESET NOD32             Win32/Ponmocup.JG trojan   7.0.302.0
F-Secure               Gen:Variant.Kazy.720301    5.15.21
G Data                 Gen:Variant.Kazy.720301    15.11.25
MicroWorld eScan       Gen:Variant.Kazy.720301    16.0.0.993
Norman                 Gen:Variant.Kazy.720301    07.10.2015 03:16:12
Qihoo 360 Security     HEUR/QVM29.0.Malware.Gen   1.0.0.1077
Reason Heuristics      Threat.Win.Reputation.IMP  15.11.28.3

File size:
592 KB (606,208 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\windows\syswow64\regedt32o.dll

File PE Metadata
Compilation timestamp:
3/2/2013 4:56:05 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
6144:UG0AM+2zME+IlkWDhwiinRVYzKgwnnvI+5KXZsSjaYlHnZDqOF/pbWcW3Rj9O:UuszMwlhBinRWzKgwnvI++sClnZ29O

Entry address:
0x4B298

Entry point:
83, 7C, 24, 08, 01, 75, 05, E8, 80, 4E, 01, 00, FF, 74, 24, 04, 8B, 4C, 24, 10, 8B, 54, 24, 0C, E8, ED, FE, FF, FF, 59, C2, 0C, 00, 55, 8B, EC, 51, 51, 53, 56, 33, F6, 8D, 45, FC, 46, 33, DB, 50, 89, 75, F8, 89, 5D, FC, E8, 5D, 57, FF, FF, 83, 7D, FC, 05, 59, 7E, 04, 8B, C6, EB, 42, 57, 53, FF, 15, 38, 22, 07, 10, 8B, 70, 3C, 03, F0, 66, 39, 5E, 06, 0F, B7, 46, 14, 8D, 7C, 30, 18, 76, 23, 57, 68, 14, BE, 07, 10, E8, 0B, C7, 00, 00, 85, C0, 59, 59, 74, 0E, 0F, B7, 46, 06, 43, 83, C7, 28, 3B, D8, 72, E3, EB...

Entropy:
6.7104

Code size:
452 KB (462,848 bytes)

Scheduled Task
Task name:
LHWLGM

Trigger:
Boot (Runs on boot)
Remove regedt32o.dll - Powered by Reason Core Security