home

xtrapva.dll

Wiselogic Co., Ltd.

Publisher:
Wiselogic Co., Ltd.  (signed and verified)

Description:
Online Game Security Solution

Version:
1, 0, 0, 1

MD5:
b6bd4cfffae99db0e74bb2308b4516d3

SHA-1:
23c1911ab95eba2fa3c3b2998bf4f7fb2c6e75da

SHA-256:
3a082023d0534f4135d6ae79af6f7978b0b9f7db5522d7027d0751b38e37a130

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:
5/15/2024 5:03:56 AM UTC  (today)

Scan engine
Detection
Engine version

Rising Antivirus
PE:PUA.Infector!1.9C44
23.00.65.14628

Trend Micro House Call
TROJ_GEN.F47V0719
7.2.181

File size:
1.4 MB (1,424,664 bytes)

Copyright:
Wiselogic Co., Ltd.

Trademarks:
X-TRAP

File type:
Dynamic link library (Win32 DLL)

Language:
Korean

Common path:
C:\Program Files\z8games\crossfire\xtrap\xtrapva.dll

Digital Signature
Signed by:
Wiselogic Co., Ltd.

Authority:
VeriSign, Inc.

Valid from:
10/23/2012 2:00:00 AM

Valid to:
11/23/2013 12:59:59 AM

Subject:
CN="Wiselogic Co., Ltd.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Wiselogic Co., Ltd.", L=Gangnam gu, S=Seoul, C=KR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
13BEF1CE41B008BD8BD048FEEE0268AA

File PE Metadata
Compilation timestamp:
7/18/2013 9:53:48 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:mhfSf5q9POJP5pMMVfXuphujmlx1YcNG9iy2Z5M6xYe9C+tHgFoPZh6B5vzM:m+5mWZ5SMVfXuHujmlILiye5eeHAoK1

Entry address:
0x3E4044

Entry point:
68, 00, 00, 00, 00, 68, 01, 00, 00, 00, 68, 00, 00, 40, 40, E8, 00, 00, 00, 00, 81, 2C, 24, 58, 40, 7E, 40, 81, 04, 24, 00, 30, 7E, 40, E9, 95, 1F, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Packer / compiler:
PKLITE32, 0x1.1

Code size:
1.1 MB (1,146,880 bytes)

The file xtrapva.dll has been seen being distributed by the following 2 URLs.

http://update.cfire.ru/xtrap/.../XTrapVa.dll

http://cfpatch.z8game.com/xtrap/.../XTrapVa.dll

Scan xtrapva.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.