rundll2713.exe

PlusProcess

Tera information Technology co.Ltd

The executable rundll2713.exe has been detected as malware by 10 anti-virus scanners.
Publisher:
Tera information Technology co.Ltd  (signed and verified)

Product:
PlusProcess

Version:
1.00

MD5:
72cebd98a8ad5b505de47bfd4b27da45

SHA-1:
f9794dc42a94bb4ea9e7e8b96725adce93dc2761

SHA-256:
bb3fa077c2ed37d02e86b73323695f75e17b0af1920ef2c2f1e639f097d9c6c1

Scanner detections:
10 / 68

Status:
Malware

Analysis date:
4/29/2024 5:26:14 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AegisLab AV Signature | Troj.W32.Gen.l3jn | 2.1.4+ |
| Avira AntiVirus | TR/Spy.Gen | 8.3.3.4 |
| Dr.Web | BACKDOOR.Trojan | 9.0.1.0350 |
| ESET NOD32 | probably unknown NewHeur_PE | 10.13534 |
| IKARUS anti.virus | Win32.SuspectCrc | t3scan.2.0.9.0 |
| K7 AntiVirus | Trojan | 13.226.19685 |
| McAfee | Artemis!72CEBD98A8AD | 5600.6185 |
| Qihoo 360 Security | HEUR/QVM03.0.Malware.Gen | 1.0.0.1120 |
| Rising Antivirus | Malware.Undefined!8.C-dWMrS6twOzQ (Cloud) | 23.00.65.161213 |
| VIPRE Antivirus | Trojan.Win32.Generic | 49592 |

File size:
154.9 KB (158,584 bytes)

Product version:
1.00

Original file name:
PlusProcess.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Windows\System32\rundll2713.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
12/27/2014 9:00:00 AM

Valid to:
2/26/2016 8:59:59 AM

Subject:
CN=Tera information Technology co.Ltd, O=Tera information Technology co.Ltd, L=Pohang-si, S=Gyeongsangbuk-do, C=KR

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
03A26DC2EB062E6237FCA48CCA93A67A

File PE Metadata
Compilation timestamp:
4/21/2015 1:26:02 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x334C

Entry point:
68, 40, 3E, 40, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 38, 00, 00, 00, 00, 00, 00, 00, 0E, BF, 20, D5, 0E, 7C, 74, 4D, 97, 4B, 06, F3, 87, 5D, 66, BD, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 50, 72, 6F, 6A, 65, 63, 74, 00, 00, 00, 00, 00, FF, CC, 31, 00, 02, AA, DF, E6, 81, A2, 4A, 5F, 40, AD, CB, 16, 0B, B1, 22, FE, 17, A3, C7, 32, 67, 3D, 55, 9C, 47, A3, A0, C9, CF, 4C, B9, 28, 01, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00, AA, 00, 60, D3, 93, 00, 00, 00...
Entropy:
5.3854

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
136 KB (139,264 bytes)

Windows Firewall Allowed Program
Name:
c:\windows\system32\winspcs.exe