SHA256: ccd43f32eddae9fba8b98f18b2a073b2cab27a2fc06648556ec3277205b65a40
File name: ROMwln.dll
Detection ratio: 14 / 66
Analysis date: 2019-04-18 08:20:31 UTC ( 1 day, 10 hours ago )
Antivirus Result Update
Acronis suspicious 20190418
Alibaba RemoteAdmin:Win32/RemoteUtilities.cb7c8c4c 20190402
Antiy-AVL Trojan[RemoteAdmin]/Win32.ROM 20190418
CAT-QuickHeal RemoteAdmin.ROM 20190416
eGambit Generic.Malware 20190418
ESET-NOD32 Win32/RemoteAdmin.RemoteUtilities.B potentially unsafe 20190417
GData Win32.Riskware.RemoteAdmin.B 20190417
K7AntiVirus Unwanted-Program ( 004bad2b1 ) 20190417
K7GW Unwanted-Program ( 004bad2b1 ) 20190417
Kaspersky not-a-virus:RemoteAdmin.Win32.ROM.at 20190417
Microsoft PUA:Win32/Presenoker 20190417
Rising Malware.Undefined!8.C (CLOUD) 20190417
Yandex Riskware.RemoteAdmin! 20190416
ZoneAlarm by Check Point not-a-virus:RemoteAdmin.Win32.ROM.at 20190417
Ad-Aware 20190418
AegisLab 20190417
AhnLab-V3 20190418
ALYac 20190418
Arcabit 20190418
Avast 20190418
Avast-Mobile 20190415
AVG 20190418
Avira (no cloud) 20190418
Babable 20180918
Baidu 20190318
BitDefender 20190418
Bkav 20190418
ClamAV 20190418
CMC 20190321
Comodo 20190418
CrowdStrike Falcon (ML) 20190212
Cybereason 20190417
Cyren 20190418
DrWeb 20190418
Emsisoft 20190418
Endgame 20190403
F-Secure 20190416
FireEye 20190417
Fortinet 20190417
Ikarus 20190416
Sophos ML 20190313
Jiangmin 20190417
Kingsoft 20190418
Malwarebytes 20190417
MAX 20190418
McAfee 20190417
McAfee-GW-Edition 20190416
eScan 20190417
NANO-Antivirus 20190417
Palo Alto Networks (Known Signatures) 20190418
Panda 20190416
Qihoo-360 20190418
SentinelOne (Static ML) 20190407
Sophos AV 20190417
SUPERAntiSpyware 20190410
Symantec Mobile Insight 20190410
TACHYON 20190417
Tencent 20190418
TheHacker 20190411
TotalDefense 20190416
Trapmine 20190325
TrendMicro-HouseCall 20190417
Trustlook 20190418
VBA32 20190416
VIPRE 20190417
ViRobot 20190417
Zillya 20190416
Zoner 20190417
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © 2004-2010 Aledensoft. All rights reserved.

Product Remote Office Manager
Original name ROMwln.dll
Internal name ROMwln.dll
File version 4.1.2.0
Description Remote Office Manager unit
Comments Remote Office Manager unit
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-05-15 09:56:17
Entry Point 0x0003B73C
Number of sections 8
PE sections
PE imports
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
GetUserDefaultUILanguage
GetLastError
DisconnectNamedPipe
DisableThreadLibraryCalls
GetStdHandle
EnterCriticalSection
GetSystemInfo
lstrcmpiA
WaitForSingleObject
LockResource
FreeLibrary
QueryPerformanceCounter
GetTickCount
GetThreadLocale
TlsAlloc
FlushFileBuffers
LoadLibraryA
GetCommandLineW
RtlUnwind
lstrlenW
WinExec
DeleteCriticalSection
GetStartupInfoA
LocalAlloc
VirtualQueryEx
GetModuleHandleW
CreateThread
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
GetLocalTime
GetCPInfo
ExitThread
GetProcAddress
GetDateFormatW
InterlockedCompareExchange
CreateNamedPipeW
GetLocaleInfoW
lstrcpynW
CompareStringW
RaiseException
WideCharToMultiByte
GetModuleFileNameW
TlsFree
SetFilePointer
GetSystemDefaultUILanguage
GetFullPathNameW
ReadFile
GetDiskFreeSpaceW
InterlockedExchange
WriteFile
GetCurrentProcess
CloseHandle
ResetEvent
FindFirstFileW
IsValidLocale
GetACP
GetVersionExW
GetCurrentThreadId
SignalObjectAndWait
SetEvent
LocalFree
FormatMessageW
ConnectNamedPipe
CreateEventW
InitializeCriticalSection
LoadResource
FindResourceW
CreateFileW
VirtualQuery
VirtualFree
EnumCalendarInfoW
FindClose
TlsGetValue
Sleep
SetEndOfFile
TlsSetValue
ExitProcess
GetVersion
VirtualAlloc
GetCurrentProcessId
GetModuleHandleA
LeaveCriticalSection
VariantChangeType
SafeArrayGetLBound
SafeArrayPtrOfIndex
SysAllocStringLen
VariantClear
SafeArrayCreate
SysReAllocStringLen
SafeArrayGetUBound
VariantCopy
SysFreeString
VariantInit
GetSystemMetrics
MessageBoxW
LoadStringW
MessageBoxA
CharUpperBuffW
CharNextW
PE exports
Number of PE resources by type
RT_STRING 9
RT_RCDATA 3
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 11
RUSSIAN 2
ENGLISH US 2
PE resources
ExifTool file metadata
SubsystemVersion
5.0

Comments
Remote Office Manager unit

LinkerVersion
2.25

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
4.1.2.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
Remote Office Manager unit

ImageFileCharacteristics
Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, DLL, Bytes reversed hi

CharacterSet
Windows, Latin1

InitializedDataSize
80896

EntryPoint
0x3b73c

OriginalFileName
ROMwln.dll

MIMEType
application/octet-stream

LegalCopyright
Copyright 2004-2010 Aledensoft. All rights reserved.

FileVersion
4.1.2.0

TimeStamp
2012:05:15 11:56:17+02:00

FileType
Win32 DLL

PEType
PE32

InternalName
ROMwln.dll

ProductVersion
4.1.2

UninitializedDataSize
0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Aledensoft

CodeSize
237056

ProductName
Remote Office Manager

ProductVersionNumber
4.1.2.0

FileTypeExtension
dll

ObjectFileType
Dynamic link library

Execution parents
Compressed bundles
File identification
MD5 c608acf62bff41aca5815d24bfa98ef8
SHA1 cf791e91f19ea81458a2adf3c19eccf9f1447408
SHA256 ccd43f32eddae9fba8b98f18b2a073b2cab27a2fc06648556ec3277205b65a40
ssdeep
6144:x+isjj6KKQyL7oA0z/B6mMAUjAxN5I888888888888W88888888888:ATvynoT/EyUMxc888888888888W8888E

authentihash da45b0a031026ec736b5bbf7734bd0ab2020f2ff7d45a3dfbf151bff48c488fc
imphash fe9155885d77115e1a3bd3718fbf1e8c
File size 311.5 KB ( 318976 bytes )
File type Win32 DLL
Magic literal
PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit

TrID Win32 EXE PECompact compressed (generic) (47.2%)
Win32 Executable Delphi generic (16.1%)
Windows screen saver (14.8%)
Win32 Dynamic Link Library (generic) (7.4%)
Win32 Executable (generic) (5.1%)
Tags
pedll

VirusTotal metadata
First submission 2012-07-23 07:19:39 UTC ( 6 years, 9 months ago )
Last submission 2018-12-19 02:10:33 UTC ( 4 months ago )
File names ROMwln.dll
romwln.dll
ROMwln.dll
avz00001.dta
ROMwln.dll
ROMWLN.DLL._CF791E91F19EA81458A2ADF3C19ECCF9F1447408
ROMwln.dll
c608acf62bff41aca5815d24bfa98ef8.cf791e91f19ea81458a2adf3c19eccf9f1447408
romwln.dll
romwln.dll
romwln.dll
avz00002.dta
b166a993b016c42bc6ad0bddeeb1b3be_ROMwln.dll.safe
123123.txt
_ROMwln.dll
ROMwln.dll
ROMwln.dll.txt
romwln.dll
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight