home

iphlpsvr.dll

Service that offers IPv6 connectivity over an IPv4 network.

While the file properties state the file is developed by 'Microsoft Corporation', this is not the case and it is designed just to look like a legitimate Microsoft system file. The library iphlpsvr.dll, “Service that offers IPv6 connectivity over an IPv4 network.” has been detected as malware by 7 anti-virus scanners.
Publisher:
Microsoft Corporation*  (Invalid match)

Product:
Microsoft® Windows® Operating System

Description:
Service that offers IPv6 connectivity over an IPv4 network.

Version:
6.1.7600.16385 (win7_rtm.090713-1255)

MD5:
f3ed7092193725c00a7dc4c455ac9f6d

SHA-1:
353080944f8b063c3afc854ceb7d76e020d8c8fa

SHA-256:
c47a74f16a820dc1998ccb1e72cd9a7d68339440fa393ab046e6f943e290fdbe

Scanner detections:
7 / 68

Status:
Malware

Analysis date:
5/3/2024 2:36:50 AM UTC  (today)

Scan engine
Detection
Engine version

AegisLab AV Signature
Troj.W32.Agentb!c
2.1.4+

Baidu Antivirus
Win32.Trojan.WisdomEyes.16070401.9500
4.0.3.17315

Kaspersky
Trojan.Win32.Agentb
14.0.0.-1315

nProtect
Trojan/W32.Agent.53248.ERH
16.12.30.01

Qihoo 360 Security
Win32/Trojan.130
1.0.0.1120

Quick Heal
Trojan.Agentb
3.17.14.00

Rising Antivirus
Trojan.Agentb!8.F8-x6uP79RydhB (cloud)
23.00.65.17313

File size:
52 KB (53,248 bytes)

Product version:
6.1.7600.16385

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
iphlpsvr.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Windows\System32\iphlpsvr.dll

File PE Metadata
Compilation timestamp:
9/9/2016 3:12:45 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x1E0D

Entry point:
55, 8B, EC, 53, 8B, 5D, 08, 56, 8B, 75, 0C, 57, 8B, 7D, 10, 85, F6, 75, 09, 83, 3D, 50, AB, 00, 10, 00, EB, 26, 83, FE, 01, 74, 05, 83, FE, 02, 75, 22, A1, 44, B2, 00, 10, 85, C0, 74, 09, 57, 56, 53, FF, D0, 85, C0, 74, 0C, 57, 56, 53, E8, E7, FE, FF, FF, 85, C0, 75, 04, 33, C0, EB, 4E, 57, 56, 53, E8, A3, F1, FF, FF, 83, FE, 01, 89, 45, 0C, 75, 0C, 85, C0, 75, 37, 57, 50, 53, E8, C3, FE, FF, FF, 85, F6, 74, 05, 83, FE, 03, 75, 26, 57, 56, 53, E8, B2, FE, FF, FF, 85, C0, 75, 03, 21, 45, 0C, 83, 7D, 0C, 00...
 
[+]

Entropy:
4.4747

Developed / compiled with:
Microsoft Visual C++

Code size:
24 KB (24,576 bytes)

Remove iphlpsvr.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.