yzzhr8m42zg9dz.dll

The library yzzhr8m42zg9dz.dll has been detected as malware by 41 anti-virus scanners. It is installed within the context of Internet Explorer as a BHO (Browser Helper Object) under the name ‘fAsttsaaler’. According to the AV engines that detect it, the detection indicates a file infected by members of the Win32/Ramnit malware family, and the file may drop and load other malware.
MD5:
0acb8eff63f3cd42a4ee81198cdab8d9

SHA-1:
1e55e3da37c8da534e2b93f7f9bf3f7a66b39230

SHA-256:
210d2f8b2df474f5c77020c450ebc7a5fbc58cc2fa94db28693f31d5ebe224b0

Scanner detections:
41 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
4/26/2024 1:17:17 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Adware.Zusy.121779 | 6489932 |
| Agnitum Outpost | Win32.Ramnit.Gen.3 | 7.1.1 |
| AhnLab V3 Security | Win32/Ramnit.B | 2015.01.26 |
| Avira AntiVirus | W32/Ramnit.A | 7.11.205.14 |
| avast! | Win32:Adware-gen [Adw] | 150129-1 |
| AVG | Win32/Ramnit.A | 2016.0.3213 |
| Baidu Antivirus | Virus.Win32.Nimnul.$a | 4.0.3.15130 |
| Bitdefender | Win32.Ramnit | 1.0.20.150 |
| Bkav FE | W32.RammitNNA.PE | 1.3.0.6379 |
| Clam AntiVirus | W32.Ramnit-1 | 0.98/19978 |
| Comodo Security | Virus.Win32.Ramnit.A | 20845 |
| Dr.Web | Win32.Rmnet | 9.0.1.030 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Zusy.121779 | 9.0.0.4799 |
| ESET NOD32 | Win32/Adware.MultiPlug.EG application | 7.0.302.0 |
| Fortinet FortiGate | W32/Ramnit.C | 1/30/2015 |
| F-Prot | W32/Ramnit.B | v6.4.6.5.141 |
| F-Secure | Gen:Variant.Adware.Zusy.121779 | 5.13.68 |
| G Data | Win32.Ramnit | 15.1.24 |
| IKARUS anti.virus | Virus.Win32.Ramnit | t3scan.1.8.6.0 |
| K7 AntiVirus | Virus | 13.192.14746 |
| Kaspersky | Virus.Win32.Nimnul | 14.0.0.2562 |
| Malwarebytes | Virus.Ramnit | v2015.01.30.12 |
| McAfee | Virus.W32/Ramnit.a | 5600.6869 |
| Microsoft Security Essentials | Threat.Undefined | 1.191.3234.0 |
| MicroWorld eScan | Win32.Ramnit | 16.0.0.90 |
| NANO AntiVirus | Virus.Win32.Nimnul.bpchjo | 0.30.0.64812 |
| Norman | Win32.Ramnit | 11.20150130 |
| nProtect | Win32.Ramnit | 15.01.23.01 |
| Panda Antivirus | Generic Suspicious | 15.01.30.12 |
| Qihoo 360 Security | Virus.Win32.Ramnit.B | 1.0.0.1015 |
| Quick Heal | W32.Ramnit.A | 1.15.14.00 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 15.1.30.12 |
| Rising Antivirus | PE:Win32.Ramnit.a!1590234 | 23.00.65.15128 |
| Sophos | Virus 'W32/Patched-I' | 59 |
| Total Defense | Win32/Ramnit.A | 37.0.11404 |
| Trend Micro House Call | PE_RAMNIT.H | 7.2.30 |
| Trend Micro | PE_RAMNIT.H | 10.465.30 |
| Vba32 AntiVirus | Virus.Win32.Nimnul.a | 3.12.26.3 |
| VIPRE Antivirus | Threat.4726519 | 36666 |
| ViRobot | Win32.Ramnit.E[h] | 2014.3.20.0 |
| Zillya! Antivirus | Virus.Nimnul.Win32.2 | 2.0.0.2045 |

File size:
548.5 KB (561,664 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\fasttsaaler\yzzhr8m42zg9dz.dll

File PE Metadata
Compilation timestamp:
1/21/2015 10:09:02 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:KijttoTAmVkvelG9Ud+4OvMuik5jlzPxkLq:JAMMuht9xkL

Entry address:
0x490E1

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 0F, 50, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, D0, CB, 06, 10, E8, 50, 0B, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 10, 8B, 07, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, A8, 37, 06, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...
 

Entropy:
5.8282

Developed / compiled with:
Microsoft Visual C++

Code size:
337.5 KB (345,600 bytes)

Internet Explorer BHO
Display name:
fAsttsaaler

CLSID:
{3ea35b4c-8b60-4086-8e14-43c379598dd6}

