How to remove A0037642.dll
- File Details
- Overview
- Analysis
A0037642.dll
The module A0037642.dll has been detected as Adware.Downloader
File Details
| Product Name: |
|
| Company Name: |
|
| MD5: |
1b7f6f4b711af05ece643206cf1f0563 |
| Size: |
20 KB |
| First Published: |
2017-05-25 09:04:27 (6 years ago) |
| Latest Published: |
2019-06-23 20:44:28 (4 years ago) |
| Status: |
Adware.Downloader (on last analysis) |
|
| Analysis Date: |
2019-06-23 20:44:28 (4 years ago) |
Overview
| %localappdata%\catalinagroup\citrio\user data\default\extensions\hjinflocgjpjihbgdlipilmjlbkjkmak\0.6.6_0\binaries\win\plugins\demux |
| %profile%\bd\local settings\application data\catalinagroup\citrio\user data\default\extensions\hjinflocgjpjihbgdlipilmjlbkjkmak\0.6.6_0\binaries\win\plugins\demux |
| %profile%\annan6\local settings\application data\catalinagroup\citrio\user data\default\extensions\hjinflocgjpjihbgdlipilmjlbkjkmak\0.6.6_0\binaries\win\plugins\demux |
| %sysdrive%\system volume information\_restore{707e28ae-030b-44df-b89d-07076ebdcb41}\rp269 |
| %localappdata%\catalinagroup\citrio\user data\default\extensions\hjinflocgjpjihbgdlipilmjlbkjkmak\0.6.6_0\binaries\win\plugins |
| %sysdrive%\system volume information\_restore{c52b72cc-fd71-4681-b415-f03a3112c2d4} |
| %localappdata%\catalinagroup\citrio\user data\default\extensions\hjinflocgjpjihbgdlipilmjlbkjkmak\0.6.6_1\binaries\win\plugins |
| %profile%\enatual\local settings\application data\catalinagroup\citrio\user data\default\extensions\hjinflocgjpjihbgdlipilmjlbkjkmak\0.6.6_1\binaries\win\plugins |
| %profile%\ous\local settings\application data\catalinagroup\citrio\user data\default\extensions\hjinflocgjpjihbgdlipilmjlbkjkmak\0.6.6_0\binaries\win\plugins |
| %sysdrive%\windows.old\users\samuel\appdata\local\catalinagroup\citrio\user data\default\extensions\hjinflocgjpjihbgdlipilmjlbkjkmak\0.6.6_0\binaries\win\plugins |
| librawdv_plugin.dll |
| A0037642.dll |
| A0456667.dll |
|
31.4% |
|
|
6.7% |
|
|
5.7% |
|
|
4.8% |
|
|
4.8% |
|
|
4.8% |
|
|
3.8% |
|
|
3.8% |
|
|
2.9% |
|
|
2.9% |
|
|
1.9% |
|
|
1.9% |
|
|
1.9% |
|
|
1.9% |
|
|
1.9% |
|
|
1.9% |
|
|
1.9% |
|
|
1.9% |
|
|
1.0% |
|
|
1.0% |
|
|
1.0% |
|
|
1.0% |
|
|
1.0% |
|
|
1.0% |
|
|
1.0% |
|
|
1.0% |
|
|
1.0% |
|
|
1.0% |
|
|
1.0% |
|
|
1.0% |
|
|
1.0% |
|
|
1.0% |
|
| Windows 10 |
39.6% |
|
| Windows 7 |
30.2% |
|
| Windows 8.1 |
22.6% |
|
| Windows XP |
7.5% |
|
Analysis
| Subsystem: |
Windows CUI |
| PE Type: |
pe |
| OS Bitness: |
32 |
| Image Base: |
0x6db80000 |
| Entry Address: |
0x00001410 |
| Name |
Size of data |
MD5 |
| .text |
8704 |
0b4e1d92c386822499675fea1f626b93 |
| .data |
512 |
c170eea0177e9e79cfce1e58b55195cd |
| .rdata |
2048 |
2f3c1971d38d937c1129921abeb76cd7 |
| .bss |
0 |
00000000000000000000000000000000 |
| .edata |
512 |
26ddfd509a79364afad529507d631fb6 |
| .idata |
1536 |
7c41144fa43b271ba80196e4a8f0bd85 |
| .CRT |
512 |
8d4614bcff0704795ef5baf362b7c024 |
| .tls |
512 |
ce924bb2ca248fdaf59d8774ecbd96a0 |
| .rsrc |
1024 |
1bef3a5d30c648764cd055adbf0c80cf |
| .reloc |
1024 |
fe63b99f9b70a2c110581b1a3013f1f8 |
| /4 |
512 |
fc4d1bdbb60eb41604f86d6be92c507c |
