solidcore32.dll

[Guest Bugen]

Friends have told me it's safe. I am just checking.

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 8394

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421

12/18/2011 3:18:27 PM

mbam-log-2011-12-18 (15-18-25).txt

Scan type: Quick scan

Objects scanned: 1

Time elapsed: 2 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Users\*******\downloads\solidcore32.dll (Trojan.Krypt) -> No action taken.

http://www.virustotal.com/file-scan/report.html?id=add1cae80abef0008460cb8bc5f48523bc27ba51b119b9e5e3d8ac17d3ff6667-1324248944

http://virusscan.jotti.org/en/scanresult/b9e8db8405ca2f27592956a6a283b97eaac10341

http://www.metascan-online.com/results.cgi?uid=ls1csyi58wk0aqpoz40r1o21syfbvi2l

http://vscan.novirusthanks.org/analysis/a5753be34addb7feb6b6cc8928d43c5a/c29saWRjb3JlMzItZGxs/

http://r.virscan.org/report/1799f43d67497a57aff541fdc617ddea.html

Antivirus results

AhnLab-V3 - 2011.12.18.00 - 2011.12.18 - Packed/Win32.Vmpbad

AntiVir - 7.11.19.155 - 2011.12.18 - TR/Dropper.Gen

Antiy-AVL - 2.0.3.7 - 2011.12.18 - Trojan/Win32.Genome

Avast - 6.0.1289.0 - 2011.12.18 - Win32:PUP-gen [PUP]

AVG - 10.0.0.1190 - 2011.12.18 - Generic26.FQI

BitDefender - 7.2 - 2011.12.18 - Gen:Variant.Kazy.45847

ByteHero - 1.0.0.1 - 2011.12.07 - -

CAT-QuickHeal - 12.00 - 2011.12.18 - -

ClamAV - 0.97.3.0 - 2011.12.18 - -

Commtouch - 5.3.2.6 - 2011.12.17 - W32/Virtumonde.N.gen!Eldorado

Comodo - 11004 - 2011.12.18 - UnclassifiedMalware

DrWeb - 5.0.2.03300 - 2011.12.18 - -

Emsisoft - 5.1.0.11 - 2011.12.18 - Trojan.Win32.Agent.AMN!A2

eSafe - 7.0.17.0 - 2011.12.18 - -

eTrust-Vet - 37.0.9628 - 2011.12.16 - -

F-Prot - 4.6.5.141 - 2011.12.17 - W32/Virtumonde.N.gen!Eldorado

F-Secure - 9.0.16440.0 - 2011.12.18 - Gen:Variant.Kazy.45847

Fortinet - 4.3.388.0 - 2011.12.18 - W32/Evx.BI!tr

GData - 22 - 2011.12.18 - Gen:Variant.Kazy.45847

Ikarus - T3.1.1.109.0 - 2011.12.18 - -

Jiangmin - 13.0.900 - 2011.12.18 - -

K7AntiVirus - 9.119.5696 - 2011.12.15 - Riskware

Kaspersky - 9.0.0.837 - 2011.12.18 - -

McAfee - 5.400.0.1158 - 2011.12.18 - Generic.evx!bi

McAfee-GW-Edition - 2010.1E - 2011.12.18 - Generic.evx!bi

Microsoft - 1.7903 - 2011.12.18 - Trojan:Win32/Vundo.OY

NOD32 - 6722 - 2011.12.18 - a variant of Win32/Kryptik.FM

Norman - 6.07.13 - 2011.12.18 - W32/Suspicious_Gen2.TJMZS

nProtect - 2011-12-18.01 - 2011.12.18 - Gen:Variant.Kazy.45847

Panda - 10.0.3.5 - 2011.12.18 - Generic Trojan

PCTools - 8.0.0.5 - 2011.12.18 - -

Prevx - 3.0 - 2011.12.19 - -

Rising - 23.88.03.02 - 2011.12.16 - -

Sophos - 4.72.0 - 2011.12.18 - Mal/Generic-L

SUPERAntiSpyware - 4.40.0.1006 - 2011.12.17 - -

Symantec - 20111.2.0.82 - 2011.12.18 - -

TheHacker - 6.7.0.1.361 - 2011.12.18 - Trojan/Kryptik.fm

TrendMicro - 9.500.0.1008 - 2011.12.18 - TROJ_SPNR.03L611

TrendMicro-HouseCall - 9.500.0.1008 - 2011.12.18 - TROJ_SPNR.03L611

VBA32 - 3.12.16.4 - 2011.12.14 - -

VIPRE - 11272 - 2011.12.18 - Virtumonde

ViRobot - 2011.12.17.4831 - 2011.12.18 - -

VirusBuster - 14.1.122.1 - 2011.12.18 - -

File info:

MD5: a5753be34addb7feb6b6cc8928d43c5a

SHA1: 5b9482384a2c1451d7df7db99fab49eed54ae38e

SHA256: add1cae80abef0008460cb8bc5f48523bc27ba51b119b9e5e3d8ac17d3ff6667

ssdeep: 1536:kqnKq+0P9aXRiYOS8rcaOXsCXP0YK6/ArtWXB57OsLt+EcvD67rGVNiNzL:RnRn9KdhfN/

qta7eP7gGVNiNzL

File size : 89088 bytes

First seen: 2011-11-26 15:54:53

Last seen : 2011-12-18 22:55:44

TrID:

Win32 Executable Generic (38.5%)

Win32 Dynamic Link Library (generic) (34.2%)

Clipper DOS Executable (9.1%)

Generic Win/DOS Executable (9.0%)

DOS Executable Generic (9.0%)

sigcheck:

publisher....: n/a

copyright....: n/a

product......: n/a

description..: n/a

original name: n/a

internal name: n/a

file version.: n/a

comments.....: n/a

signers......: -

signing date.: -

verified.....: Unsigned

PEInfo: PE structure information

ExifTool:

file metadata

CodeSize: 10240

EntryPoint: 0x11a0

FileSize: 87 kB

FileType: Win32 DLL

ImageVersion: 0.0

InitializedDataSize: 5120

LinkerVersion: 10.0

MIMEType: application/octet-stream

MachineType: Intel 386 or later, and compatibles

OSVersion: 5.1

PEType: PE32

Subsystem: Windows GUI

SubsystemVersion: 5.1

TimeStamp: 0000:00:00 00:00:00

UninitializedDataSize: 0

_________________________________________________________________________

File Info

Report date: 2011-12-19 00:03:11 (GMT 1)

File name: solidcore32-dll

File size: 89088 bytes

MD5 Hash: a5753be34addb7feb6b6cc8928d43c5a

SHA1 Hash: 5b9482384a2c1451d7df7db99fab49eed54ae38e

Detection rate: 6 on 9 (67%)

Status: INFECTED

Detections

Avast -

AVG - Generic26.FQI

Avira AntiVir - TR/Dropper.Gen

ClamAV -

Comodo - UnclassifiedMalware

Emsisoft - Trojan.Win32.Agent.AMN!A2

F-Prot - W32/Virtumonde.N.gen!Eldorado

Ikarus -

TrendMicro - TROJ_SPNR.03L611

Scan report generated by

NoVirusThanks.org

______________________________________________________________

Antivir: TR/Crypt.XPACK.Gen

ArcaVir: Nothing found

AVG: Nothing found

BitDefender: Nothing found

VirusBlokAda32: Nothing found

VirusBuster: Nothing found

Report overview

Scanned by viruschief.com

solidcore32.zip

[shadowwar]

This file is a game crack. Its encrypted with a typical malware packer. We do not evaluate the overall safety of game cracks.

Thanks.

[Guest Bugen]

Is it safe to use or am I going to have to find new friends!

[shadowwar]

As stated above:

We do not evaluate the overall safety of game cracks.

[wakslob]

As stated above:

We do not evaluate the overall safety of game cracks.

Firstly ide like to say I am thinking about going premium with malwarebytes, but first i would like to test the integrity and effectiveness of the forum moderators.

Secondly ide like to say, This file mentioned by the OP isnt a crack. I buy my games and i too have found this to raise a red flag with me AV Software when i installed anno 2070. Can you please analyze it.

[S!Ri]

Hello

This file is a Anno 2070 crack from the team: RELOADED.

[wakslob]

Hello

This file is a Anno 2070 crack from the team: RELOADED.

I didnt ask if it was a crack or not, im looking at it right now, after i bought the game, and installed it on my PC No crack installed "solidcore32.dll" is not a crack. And quite frankly if malwarebytes doesn't analyze "all" files regardless of the nature of the file. I will not go premium. I mean what AV company will only analyze data according to they're own liking?

[shadowwar]

The original game if you bought it should not have the exact file above. It may be the same name as the one you have but the one above is modified.

What we are trying to say is a crack to the game itself we do not evaluate for overall safety. A crack is modified code that was not part of the original program to bypass protection measures or cheating. If it infects a system or causes a malware situation then it will be listed. Also because crackers use the same tools as malware writers sometimes defs will cross hit becuase of heurisitics.

If nothing is apparent with the sample and its just a crack we will not rate it as far as what it does to the game or if its safe to use with the game.

Notice the 3 different versions sizes and md5's here:

http://f.virscan.org/solidcore32.dll.html

The first one on the list is the one above. It is also detected By many vendors. It is definately a crack as siri said.

If you want to attach your version of the file i will take a look at it.

[shadowwar]

One thing to add.

Malwarebytes is not an antivirus company. We are designed to work alongside a Antivirus of your choosing. We target files that antivirus companies have trouble keeping up with and files that are actively on the internet that can cause infections on a pc.