Quite a Malware/Virus api-ms-win-core-*smthing*.dll – Virus, Trojan, Spyware, and Malware Removal Help

/in


Hey everyone hope u are doing welll!
Alot of the stuff i wirte are MY Own Speculations *take it with grain of salt* I might be right
But realisticly im probl not , not an expert !

Sooo a while ago i did similar post , but it was regarding another problem but i suspected this wierd ..dll aswell! Yet it seems like its new? or not that wide spread ? Anyway… lets get into it ! :

Today i got the crazy idea tht the malware maybe split itself into alot of pieces to avoid detection so there is pieces of code thats not harmfull byitself , but combining it somhow , becomes the “Thing / Malware” Now the more im digging , the more i realise my idea isnt crazy at all, its not even my idea since that already exist …

The “.dll” im reffering to in ESET 

Attached File
 fRAFMSr – Imgur.png   500.15KB
  0 downloads  “fRAFMSSr – imgur.png”

Facts:
Quick explanation :
1. the .dll filesize is suspicious byitself (to me personally ) , and being that many of them :D
Ofcourse any antiviurs/scan etc says its not a virus , clean full etc!
2.It install itself in almot every Antivirus Program , Games (League of legeds i play only) , PartyPoker(Bwin) , and many many more folders! (Same .Dll file name , same Size , same all , diffrent folder )
———The “.dll” again in Riot games/LoL Notice size.name etc———-

                  Attached File
 llol.png   503.56KB
  0 downloads  “llol.png”

Have scnned each one of them ( Virustotal , and hybrid-analysis website )
and i Finally found some ppl reporting about it aswell!
* The .dll are clean again bythemselfs! but it detects files tht are connected to them *
*Example*

 

Analysis Overview :  


Submission name: python-keylogger.exe  Size: 7.4M iBType:
peexe 64bits executable Mime:

application/x-dosexec       SHA256: c2b7df0a3e8cc0167fffdfcf99f2e285e44862076ba73852ea9f4e72112f42e1   

Operating System:Windows      Last Anti-Virus Scan: 05/02/2022 09:16:14 (UTC)

Last Sandbox Report:           12/11/2021 21:12:31 (UTC)
malicious 
Threat Score: 100/100
AV Detection: 48 Laabeled as: Trojan.Generic


----Files dropped by it :

[attachment=239570:hybr.png]


and there is alot more .exe files etc associated to those .dll files ( absolutley same .dll files same...

Source…