biomctrlface.dll

Run Once Wrapper

Although the file properties name 'Microsoft Corporation' as the developer, this is not the case: the file is designed to look like a legitimate Microsoft system file. The library biomctrlface.dll has been detected as malware by 8 anti-virus scanners.
Publisher:
Microsoft Corporation*  (Invalid match)

Product:
Microsoft® Windows® Operating System

Description:
Run Once Wrapper

Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)

MD5:
3de911878771f2f08ffce175405d7bcf

SHA-1:
b66f837ed8e23dda0cdb99ebd1b4f7eb8ee9a999

SHA-256:
a3cfd9d0c84cfceae95dd80c7ff1747155c2393ebce378e0c3f72962aa839010

Scanner detections:
8 / 68

Status:
Malware

Analysis date:
7/12/2025 8:50:27 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Kazy.779475 | 5813612 |
| Emsisoft Anti-Malware | Gen:Variant.Kazy.779475 | 10.0.0.5366 |
| ESET NOD32 | Win32/Kryptik.EHGP trojan | 7.0.302.0 |
| F-Secure | Gen:Variant.Kazy.779475 | 5.05.7110 |
| Kaspersky | Trojan.Win32.Yakes | 15.0.0.562 |
| Microsoft Security Essentials | Threat.Undefined | 1.213.1078.0 |
| Norman | Gen:Variant.Kazy.779475 | 17.12.2015 06:34:11 |
| VIPRE Antivirus | Threat.4150696 | 46062 |

File size:
47.5 KB (48,640 bytes)

Product version:
6.1.7601.17514

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
RUNONCE.EXE

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\ewtion\biomctrlface.dll

File PE Metadata
Compilation timestamp:
3/26/2012 12:44:30 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
768:F6gE7C9iJgv/cKgwIR7t8SsPCooS+3na388+jtCZ3m1qn5F4aoMDizus6D9+r:8TWgJgHcKgxR7SSJooS+3na3f+UZ3m1v

Entry address:
0x183F

Entry point:
55, 8B, EC, 83, EC, 18, 68, 68, CE, 40, 00, 68, 2C, 01, 00, 00, FF, 15, 10, 40, 40, 00, 68, E4, C9, 40, 00, FF, 15, 20, 40, 40, 00, 68, F0, C9, 40, 00, FF, 15, 24, 40, 40, 00, 68, FC, C9, 40, 00, FF, 15, 2C, 40, 40, 00, 6A, 53, FF, 15, 28, 40, 40, 00, 8D, 45, E8, 89, 45, F8, 8D, 45, 04, A3, D8, C9, 40, 00, A1, D8, C9, 40, 00, 8B, 40, 04, A3, CC, C9, 40, 00, A1, CC, C9, 40, 00, A3, A8, C9, 40, 00, A1, D8, C9, 40, 00, 85, C0, 0F, 84, 17, 00, 00, 00, A1, D8, C9, 40, 00, 8B, 40, 08, A3, D0, C9, 40, 00, A1, D4...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
27.5 KB (28,160 bytes)

Property Sheet Handler
Name:
{fbeb8a05-beee-4442-804e-409d6c4515e9}

