The Rw0ter_new.dll File Analysis

Updated 1 month ago

Checked by Malaware Check

Rw0ter_new.dll

Technical Analysis

File Name	Rw0ter_new.dll
File Type	Win32 DLL
Magic Bytes	`PE32+ executable (DLL) (GUI) x86-64, for MS Windows`
SSDEEP Hash	6144:2+PLykHjtOFE7Sv15NBFDtKnSMA3R0DnU0TA1:TOijevNLtKnSMSSDn
Scanner Version	1.0.215.174
Database Version	2025-04-26 11:00:29 UTC

⚠

Suspicious File Detected

Detected by 9 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.

13%

Detection Rate

351,232

File Size (bytes)

9/72

Engines Detected

2025-04-26

Analysis Date

Scan Another File

File Identification

Hash Type	Value	Action
MD5	3ea62a487508efbf60d3dec2aed95deb
SHA1	f03a0d2fe8460e7d6d7ca5fb3f71916a186017c9
SHA256	ee09dc1299ce7b5e6c8f12662d6a1e8e47868e50e6b4448347c1ac65f8321ba0
SHA512	b7aa45e759bbae51db1b00ad4711d2095b516dc1907bcfe2d2f4fb276595c78f2b07cc13df7930c944c91c9a30b0602699bd487bbcc5a1c371a08302e7f2b1d4
ImpHash	1f9d37bdbd35faa9dab485eee9ffd166

Security Engines with Detections (9 of 72)

Cynet

Malicious (score: 100) Malicious

Skyhigh

BehavesLike.Win64.Generic.fh Malicious

Sangfor

Trojan.Win32.Save.a Malicious

CrowdStrike

win/malicious_confidence_90% (D) Malicious

McAfeeD

ti!EE09DC1299CE Malicious

Ikarus

Trojan.Win64.Krypt Malicious

Microsoft

PUA:Win32/Puwaders.C!ml Malicious

Google

Detected Malicious

MaxSecure

Trojan.Malware.300983.susgen Malicious

63 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

▼

Image Base	`0x180000000`
Entry Point	`0x180043bbc`
Compilation Time	2025-04-24 21:22:58
Checksum	0x00000000 (Actual: 0x000604ed)
OS Version	6.0
PEiD Signatures	`PE32+ executable (DLL) (GUI) x86-64, for MS Windows`
PDB Path	`C:\Users\admin\Downloads\NL resolve (1)\NL resolve\x64\Release\NL resolve.pdb`
Digital Signature	No valid SignedData structure was found.
Imports	15 libraries
Exports	0 functions
Resources	1 Resources
Sections	6 Sections

PE Sections

▼

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Characteristics	MD5
`.text`	`0x00001000`	278,434 bytes	278,528 bytes	6.53 (Compressed)	`IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ`	`067F6BFA7A312094ABE7D10D17D8F50F`
`.rdata`	`0x00045000`	55,832 bytes	56,320 bytes	6.13 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`F402E04E5F30C752A2E87AF92D986E72`
`.data`	`0x00053000`	3,736 bytes	1,536 bytes	3.26 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE`	`B34352A6CFEFEB56E8D9D4E3974D451F`
`.pdata`	`0x00054000`	12,060 bytes	12,288 bytes	5.63 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`92D2A04F5A3E4341A13CE89E709F1551`
`.rsrc`	`0x00057000`	248 bytes	512 bytes	2.53 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ`	`6D57BB8E9C9649C9FC9AD013030244A3`
`.reloc`	`0x00058000`	548 bytes	1,024 bytes	3.48 (Normal)	`IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_DISCARDABLE\|IMAGE_SCN_MEM_READ`	`8D80B14F1211DEF039626235ACBF2DDA`

Entropy Analysis Alert

1 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

▼

Total Resources: 1 (145 bytes)

Resource Type	Count	Total Size	Percentage
RT_MANIFEST	1	145 bytes	100%

Certificate Chain Analysis

▼

No Digital Signatures

This file is not digitally signed.

Security Implications:

Cannot verify the publisher's identity
Increased security risk when running this file
May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

No valid SignedData structure was found.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Remember: This is Result of Online Virus Scanner

Gridinsoft Anti-Malware has a much more powerful virus scanning engine. We recommend using it for a more precise diagnosis of infected systems. This brief guide will help you install our flagship product for more accurate diagnostics:

Download Anti-Malware

Keep Your System Protected

This file appears clean, but regular security maintenance is important

Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
Email Security: Be cautious with email attachments and links, even from known contacts.

Proactive Protection

9 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.

Your Score for

5 4 3 2 1