File Name | rld.dll |
File Type |
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
Scanner Version | 1.0.186.174 |
Database Version | 2024-09-07 03:00:25 UTC |
Malware family: Packed
Hash Type | Value | Action |
---|---|---|
MD5 |
5514b0bb1e2e04c97d1fb1fbc4cb8f08
|
|
SHA1 |
9d0d7dcaaafcfce58f0d7e0245d776ac52452766
|
|
SHA256 |
907b0f30d17c9b6ae1a77a2b6f56401463bf27186b9ca706f4187d99ff15425f
|
|
SHA512 |
5f3481b335d97b4d45b88a49f19e083822dabf19bfe06a66543d373ffc7a6c92eb172bdc371739ce68e425fb00f8e713789fa233b24b4f34dde5826be705bcae
|
|
ImpHash |
433fa85b0b55a49e870bca7feae53a7a
|
Image Base | 0x10000000 |
Entry Point | 0x1001116d |
Compilation Time | 2011-06-20 20:12:13 |
Checksum | 0x00000000 (Actual: 0x000220db) |
OS Version | 5.1 |
PEiD Signatures |
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
Digital Signature | The PE file does not contain a certificate table. |
Imports |
2 libraries
KERNEL32, user32 |
Exports | 0 functions |
Resources | 0 Resources |
Sections | 6 Sections |
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Characteristics | MD5 |
---|---|---|---|---|---|---|
.text |
0x00001000 |
267 bytes | 512 bytes | 3.69 (Normal) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
8DA69C4F04BAF180BE0BCD472B85885C |
.rdata |
0x00002000 |
256 bytes | 512 bytes | 3.69 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
AE1CF0DCB8419485098DE7470A905CAC |
.RLD0 |
0x00003000 |
48 bytes | 512 bytes | 0.44 (Normal) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
D180811AD6D24520031A0E3D30BD6090 |
.RLD1 |
0x00004000 |
46,091 bytes | 46,592 bytes | 7.64 (Packed/Encrypted) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
C0427FFFA94D56D5DBFD4DD357DE1680 |
.RLD2 |
0x00010000 |
24,536 bytes | 24,576 bytes | 7.49 (Compressed) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
A8FF4C808C6C470C66EB3C3BDE9EF79C |
.reloc |
0x00016000 |
204 bytes | 512 bytes | 2.16 (Normal) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
CC7C363F9982C259BF0A1D59AB91DB45 |
1 section(s) with high entropy (≥7.5) detected - possible packing/encryption
1 section(s) with elevated entropy (≥6.5) - possible compression
This file is not digitally signed.
⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources
The PE file does not contain a certificate table.
Recommendation: Verify the file source and ensure it comes from a trusted publisher.
Gridinsoft has the capability to identify and eliminate Trojan.Win32.Packed.ns without requiring further user intervention.
Download Anti-MalwareFollow these steps to completely remove the threat from your system