» rwln.dll
Overview
Analysis
File Details
Programs (1)

rwln.dll

Remote Manipulator System

Usoris Systems

The module rwln.dll by Usoris Systems has been detected as a potentially unwanted program by 9 anti-malware scanners. This file is typically installed with the program Remote Manipulator System - Host by TektonIT.

File name:

rwln.dll

Publisher:

TektonIT (signed by Usoris Systems)

Product:

Remote Manipulator System

Description:

RMS unit

Version:

6.0.0.0

MD5:

ce8162b35f8853fb34ba2ff47b4aac73

SHA-1:

852d647635f9841671de9b931831e49eade8cada

SHA-256:

1f4d34244807ca97e13ee49718ab42ebf9673095619fd0dcf1ef7a2cd789008d

Scanner detections:

9 / 68

Status:

Potentially unwanted

Analysis date:

4/24/2024 2:10:04 PM UTC (today)

Scan engine

Detection

Engine version

Agnitum Outpost

Riskware.RemoteAdmin.DJ

7.1.1

ESET NOD32

Win32/RemoteAdmin.RemoteUtilities (variant)

9.10825

Fortinet FortiGate

Riskware/Agent

2/20/2015

K7 AntiVirus

Trojan

13.186.14225

Kaspersky

not-a-virus:RemoteAdmin.Win32.Agent

14.0.0.2460

Panda Antivirus

Generic Suspicious

15.02.20.01

Qihoo 360 Security

Win32/Virus.RemoteAdmin.0b7

1.0.0.1015

Sophos

Generic PUA IF

4.98

Trend Micro House Call

Suspicious_GEN.F47V1127

7.2.51

File size:

976.3 KB (999,680 bytes)

Product version:

6.0.0.0

Trademarks:

TektonIT, Remote Manipulator System

File type:

Dynamic link library (Win32 DLL)

Common path:

C:\Program Files\remote manipulator system - host\rwln.dll

Digital Signature

Signed by:

Usoris Systems

Authority:

VeriSign, Inc.

Valid from:

1/27/2014 4:00:00 AM

Valid to:

3/29/2015 3:59:59 AM

Subject:

CN=Usoris Systems, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Usoris Systems, L=Victoria, S=Mahe, C=SC

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

727FDD149C55BFA6C0EAA7CF024D49E4

File PE Metadata

Compilation timestamp:

11/26/2014 6:58:33 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

24576:xFYI4DWFX3nI5xUrrMttp1UF8RNOF9MrQp0AMgB/tvccg4b3Xajdl0zMjG:0ITX3nI5xUrrMttp1UF8RNOF9MrQp0AL

Entry address:

0xD7B60

Entry point:

55, 8B, EC, 83, C4, C0, B8, B0, 20, 4D, 00, E8, 94, 5C, F3, FF, 80, 3D, 38, B7, 4D, 00, 00, 75, 0B, A1, 50, EC, 4D, 00, 50, E8, 84, 63, F3, FF, C6, 05, 38, B7, 4D, 00, 01, E8, C0, 0F, F3, FF, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Developed / compiled with:

Microsoft Visual C++

Code size:

856.5 KB (877,056 bytes)

The file rwln.dll has been discovered within the following program.

Remote Manipulator System - Host by TektonIT

rmansys.ru

About 2% of users remove it

Remove rwln.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.