runtime.dll

TODO:

TODO: <Company name>

The library runtime.dll (“TODO: <File description>”) has been detected as malware by 4 anti-virus scanners. The file is typically installed by a number of programs, including wxDfast by Best Application and Coolyou by CoolYou Inc., both potentially unwanted software.

Publisher:
TODO:

Product:
TODO: <Product name>

Description:
TODO: <File description>

Version:
1.0.0.1

MD5:
ddfdd5f85a5fde5b6b7b9b01643248ef

SHA-1:
5f83ec091f2e56c574a626ffef768efb632d7ede

SHA-256:
fe1c48c4892a3dbdcd2ecdd6393dd77b1196eae687ecb59abe64589aa2fff5f2

Scanner detections:
4 / 68

Status:
Malware

Analysis date:
5/14/2025 2:21:13 PM UTC

Scan engine        Detection                  Engine version
Baidu Antivirus    Trojan.Win32.GenUpdater    4.0.3.14127
Comodo Security    UnclassifiedMalware        17665
ESET NOD32         Win32/GenUpdater           8.9331
VIPRE Antivirus    Trojan.Win32.Generic       25746

File size:
114 KB (116,736 bytes)

Product version:
1.0.0.1

Copyright:
TODO: (c) <Company name>. All rights reserved.

Original file name:
runtime.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\ProgramData\wxdfast\runtime.dll

File PE Metadata
Compilation timestamp:
7/19/2012 6:59:27 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
1536:GnH0HVPRjpfYujKaSo3oWHOehByokiqXnRuRK2R26Bg9gkncD7NR+OqSIw15HHMT:7NDead3lFyoKEzfuCRtqJK5HHM20vd

Entry address:
0xA15B

Entry point:
8B, FF, 55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 7F, 5A, 00, 00, FF, 75, 08, 8B, 4D, 10, 8B, 55, 0C, E8, EC, FE, FF, FF, 59, 5D, C2, 0C, 00, CC, CC, 68, E0, A1, 00, 60, 64, FF, 35, 00, 00, 00, 00, 8B, 44, 24, 10, 89, 6C, 24, 10, 8D, 6C, 24, 10, 2B, E0, 53, 56, 57, A1, 60, C0, 01, 60, 31, 45, FC, 33, C5, 50, 89, 65, E8, FF, 75, F8, 8B, 45, FC, C7, 45, FC, FE, FF, FF, FF, 89, 45, F8, 8D, 45, F0, 64, A3, 00, 00, 00, 00, C3, 8B, 4D, F0, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, C3, CC, CC...
 

Entropy:
6.3422

Code size:
80.5 KB (82,432 bytes)

The file runtime.dll has been discovered within the following programs.

Coolyou by CoolYou Inc.
From the app's privacy policy: "We may collect certain information about your web usage and websites you have visited, which may be shared with third parties and used for advertising."
coolyouapp.com
66% remove it

OptimizerPro Updater by BetterSoft
OptimizerPro is the update program which runs on the PC and checks for updates and automatically downloads and installs them if found. The program is primarily designed to keep the software up to date or provide product upgrades.
77% remove it

TheBflix by TheBflix
TheBflix is a potentially unwanted web browser extension and toolbar that delivers contextual advertising and modifies the user's web browser home and search pages to provide advertising and search.
thebflix.com
82% remove it

TheBflix Updater by TheBflix
TheBflix Updater is the update program which runs on the PC and checks for updates and automatically downloads and installs them if found based on the user's settings.
83% remove it

wxDfast by Best Application
Publisher's description - “wxDownload Pro is an open source download manager. It is also multi-threaded transfers download manager which means it can split a file into several parts and download them simultaneously.”
wxdownloadmanager.com
79% remove it

WxDFast Updater by Best Application
wxDownload Fast (also known as wxDFast) is a free/open source download manager. WxDFast Updater is a program designed to manage all installed WxDFast programs on the user's PC and to check for and install any new versions of the software if available.
79% remove it
 
Powered by Should I Remove It?
