SHA256: 17761e85fbd73ba7f17f6862c530e982b8e5778fb509be6bcf749078c55f1bb0
File name: DTLite4491-0356.exe
Detection ratio: 5 / 53
Analysis date: 2014-09-06 06:22:33 UTC (4 years, 6 months ago)
Antivirus Result Update date
AVware Opencandy (fs) 20140906
ESET-NOD32 Win32/DownWare.L 20140905
GData Win32.Adware.OpenCandy.C 20140906
Malwarebytes PUP.Optional.OpenCandy 20140906
VIPRE Opencandy (fs) 20140906
Ad-Aware 20140906
AegisLab 20140906
Yandex 20140905
AhnLab-V3 20140905
Antiy-AVL 20140906
Avast 20140906
AVG 20140906
Avira (no cloud) 20140906
Baidu-International 20140905
BitDefender 20140906
Bkav 20140906
ByteHero 20140906
CAT-QuickHeal 20140904
ClamAV 20140905
CMC 20140904
Comodo 20140906
Cyren 20140906
DrWeb 20140906
Emsisoft 20140906
F-Prot 20140906
F-Secure 20140906
Fortinet 20140906
Ikarus 20140906
Jiangmin 20140904
K7AntiVirus 20140905
K7GW 20140905
Kaspersky 20140906
Kingsoft 20140906
McAfee 20140906
McAfee-GW-Edition 20140905
Microsoft 20140906
eScan 20140906
NANO-Antivirus 20140906
Norman 20140906
nProtect 20140905
Panda 20140905
Qihoo-360 20140906
Rising 20140905
Sophos AV 20140906
SUPERAntiSpyware 20140906
Symantec 20140906
Tencent 20140906
TheHacker 20140905
TotalDefense 20140905
TrendMicro 20140906
TrendMicro-HouseCall 20140906
VBA32 20140905
ViRobot 20140906
Zillya 20140904
Zoner 20140905
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright (C) 2004-2012
Product DAEMON Tools Lite
Original name DAEMON Tools Lite4.49.1.0356.exe
Internal name DAEMON Tools Lite4.49.1.0356.exe
File version 4.49.1.0356.0
Description DAEMON Tools Lite Setup
Signature verification Signed file, verified signature
Signing date 10:20 AM 3/4/2014
Signers
[+] Disc Soft Ltd
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer GlobalSign CodeSigning CA - G2
Valid from 04:58 PM 02/21/2014
Valid to 04:52 PM 05/30/2015
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 116FE6A2FB16A202F23E25E5A151B7B146FC3A70
Serial number 11 21 35 2E 0B 20 23 D1 A7 51 88 6D CB E9 7D 37 79 5E
[+] GlobalSign CodeSigning CA - G2
Status Valid
Issuer GlobalSign Root CA
Valid from 09:00 AM 04/13/2011
Valid to 09:00 AM 04/13/2019
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 9000401777DD2B43393D7B594D2FF4CBA4516B38
Serial number 04 00 00 00 00 01 2F 4E E1 35 5C
[+] GlobalSign Root CA - R1
Status Valid
Issuer GlobalSign Root CA
Valid from 11:00 AM 09/01/1998
Valid to 12:00 PM 01/28/2028
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, OCSP Signing, EFS, IPSEC Tunnel, IPSEC User, IPSEC IKE Intermediate
Algorithm sha1RSA
Thumbprint B1BC968BD4F49D622AA89A81F2150152A41D829C
Serial number 04 00 00 00 00 01 15 4B 5A C3 94
Counter signers
[+] GlobalSign TSA for MS Authenticode - G1
Status Valid
Issuer GlobalSign Timestamping CA - G2
Valid from 11:00 PM 08/22/2013
Valid to 11:00 PM 09/22/2024
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 8CE69F5012E1D1A8FB395E2E31E2B42BDE3B343B
Serial number 11 21 40 5C 1F 0E D2 58 88 2B E5 4D 86 86 BA 11 EA 45
[+] GlobalSign Timestamping CA - G2
Status Valid
Issuer GlobalSign Root CA
Valid from 09:00 AM 04/13/2011
Valid to 12:00 PM 01/28/2028
Valid usage All
Algorithm sha1RSA
Thumbprint C0E49D2D7D90A5CD427F02D9125694D5D6EC5B71
Serial number 04 00 00 00 00 01 2F 4E E1 52 D7
[+] GlobalSign Root CA - R1
Status Valid
Issuer GlobalSign Root CA
Valid from 11:00 AM 09/01/1998
Valid to 12:00 PM 01/28/2028
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing, OCSP Signing, EFS, IPSEC Tunnel, IPSEC User, IPSEC IKE Intermediate
Algorithm sha1RSA
Thumbprint B1BC968BD4F49D622AA89A81F2150152A41D829C
Serial number 04 00 00 00 00 01 15 4B 5A C3 94
Packers identified
F-PROT UPX, embedded, appended, NSIS, UTF-8, Unicode
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2010-04-10 12:19:31
Entry Point 0x0000354B
Number of sections 5
PE sections
Overlays
MD5 47f5636e560794abc08fb6ac80ecc55b
File type data
Offset 44544
Size 13384960
Entropy 8.00
PE imports
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegEnumValueW
RegOpenKeyExW
RegEnumKeyW
RegDeleteKeyW
RegQueryValueExW
ImageList_Create
Ord(17)
ImageList_Destroy
ImageList_AddMasked
GetDeviceCaps
CreateFontIndirectW
SetBkMode
CreateBrushIndirect
SelectObject
SetBkColor
DeleteObject
SetTextColor
GetLastError
WriteFile
CopyFileW
GetShortPathNameW
LoadLibraryA
lstrlenA
GetModuleFileNameW
GlobalFree
WaitForSingleObject
GetVersionExW
GetExitCodeProcess
ExitProcess
GlobalUnlock
GetFileAttributesW
lstrlenW
GetCurrentProcess
CompareFileTime
FindNextFileW
GetFileSize
OpenProcess
SetFileTime
GetCommandLineW
GetWindowsDirectoryW
SetErrorMode
MultiByteToWideChar
CreateDirectoryW
SetFilePointer
GlobalLock
GetPrivateProfileStringW
WritePrivateProfileStringW
GetTempFileNameW
lstrcpynW
RemoveDirectoryW
ExpandEnvironmentStringsW
lstrcpyW
GetFullPathNameW
lstrcmpiA
CreateThread
LoadLibraryW
GetModuleHandleA
GetSystemDirectoryW
GetDiskFreeSpaceW
ReadFile
GetTempPathW
CloseHandle
DeleteFileW
FindFirstFileW
lstrcmpW
GetModuleHandleW
lstrcatW
lstrcpynA
FreeLibrary
SearchPathW
WideCharToMultiByte
lstrcmpiW
SetCurrentDirectoryW
lstrcpyA
CreateFileW
GlobalAlloc
CreateProcessW
FindClose
Sleep
MoveFileW
SetFileAttributesW
GetTickCount
GetVersion
GetProcAddress
LoadLibraryExW
MulDiv
SHBrowseForFolderW
SHFileOperationW
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetFileInfoW
EmptyClipboard
GetMessagePos
EndPaint
EndDialog
LoadBitmapW
SetClassLongW
DefWindowProcW
CharPrevW
PostQuitMessage
ShowWindow
FillRect
SetWindowPos
GetSystemMetrics
SetWindowLongW
IsWindow
PeekMessageW
GetWindowRect
EnableWindow
GetDC
CharUpperW
DialogBoxParamW
GetClassInfoW
AppendMenuW
CharNextW
IsWindowEnabled
GetDlgItemTextW
MessageBoxIndirectW
GetSysColor
CheckDlgButton
DispatchMessageW
CreateDialogParamW
BeginPaint
CreatePopupMenu
SendMessageW
SetCursor
SetClipboardData
GetWindowLongW
IsWindowVisible
SetForegroundWindow
SetWindowTextW
GetDlgItem
SystemParametersInfoW
LoadImageW
EnableMenuItem
ScreenToClient
InvalidateRect
wsprintfA
SetTimer
CallWindowProcW
TrackPopupMenu
RegisterClassW
FindWindowExW
CharNextA
SetDlgItemTextW
LoadCursorW
GetSystemMenu
SendMessageTimeoutW
CreateWindowExW
wsprintfW
CloseClipboard
GetClientRect
DrawTextW
DestroyWindow
ExitWindowsEx
OpenClipboard
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
OleUninitialize
CoTaskMemFree
OleInitialize
CoCreateInstance
Number of PE resources by type
RT_DIALOG 5
RT_ICON 4
RT_MANIFEST 1
RT_BITMAP 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 12
NEUTRAL 1
PE resources
ExifTool file metadata
UninitializedDataSize 16896
LinkerVersion 9.0
ImageVersion 6.0
FileSubtype 0
FileVersionNumber 4.49.1.356
LanguageCode Neutral
FileFlagsMask 0x0000
FileDescription DAEMON Tools Lite Setup
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 431104
EntryPoint 0x354b
OriginalFileName DAEMON Tools Lite4.49.1.0356.exe
MIMEType application/octet-stream
LegalCopyright Copyright (C) 2004-2012
FileVersion 4.49.1.0356.0
TimeStamp 2010:04:10 14:19:31+02:00
FileType Win32 EXE
PEType PE32
InternalName DAEMON Tools Lite4.49.1.0356.exe
ProductVersion 4.49.1.0356.0
SubsystemVersion 5.0
OSVersion 5.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Disc Soft Ltd
CodeSize 25600
ProductName DAEMON Tools Lite
ProductVersionNumber 4.49.1.356
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 0fa6cd1de96bde0431c1c91904f6d040
SHA1 e750c443a83f9b135b499e7917c5a93120384bb3
SHA256 17761e85fbd73ba7f17f6862c530e982b8e5778fb509be6bcf749078c55f1bb0
ssdeep 393216:QLs07IN85R03BKr56mlQ0kWrGoH0dYuP63JpHNl/KJ:QJoG6i7kWrGoHfnk
authentihash aeb12a87a9e78f74d5c01c1114c5a43131cdb3ca897e3837145bae7343512f23
imphash b729b61eb1515fcf7b3e511e4e66258b
File size 12.8 MB (13429504 bytes)
File type Win32 EXE
Description PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (41.0%)
Win64 Executable (generic) (36.3%)
Win32 Dynamic Link Library (generic) (8.6%)
Win32 Executable (generic) (5.9%)
OS/2 Executable (generic) (2.6%)
Tags
peexe overlay signed nsis upx via-tor

VirusTotal metadata
First submission 2014-03-13 09:42:25 UTC (5 years ago)
Last submission 2019-03-08 09:01:44 UTC (2 weeks, 1 day ago)
File names DAEMON-Tools-Lite-4-49-1.exe
DTLite4491-0356.1394761051.exe
Daemon Tools lite THE2 GAMES.exe
Deamon Tool Lite.exe
daemon tools lite 4.49.1.0356.exe
DTLite4491-0356.exe
[Cyber_88]_DTLite4491-0356.exe
filehippo_DTLite4491-0356.exe
z DAEMON Tools Lite 4.49.1.exe
daemon tools 4.49.1.exe
daemon-tools-lite_4-49-1_fr_10729.exe
DAEMON Tools Lite v4.49.1 (with SPTD 1.86).exe
deamon tools.exe
Daemon Tools Lite 4.49.1.0356.0.exe
daemon-tools-lite-4-49-1-0356-32-bits [1].exe
$_2_
DAEMON.Tools.Lite-V4.49.exe
DTLite4491-0356-softexia.com.exe
DAEMON TOOLS.exe
29_01#T8#9249
Daemon_Tools_4.49.1.349.exe
dtlite4491-0356.1394761051.exe
DAEMON_Tools_Lite_v4.49.1.0356.exe
DAEMON Tools Lite 4.49.1-0356.exe
Daemon Tools Lite4491-0356.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana
dll-injection
