더스틴스니퍼.exe

DustinP

http://dustin.gg.gg

The application 더스틴스니퍼.exe has been detected as a potentially unwanted program by 14 anti-malware scanners. The file has been seen being downloaded from maildown.nate.com.

Publisher:
http://dustin.gg.gg

Product:
DustinP

Version:
2.54

MD5:
c8ef905f1480c7542529fa91abce3476

SHA-1:
8980942b1c8a4e4040c155e4b035ca6f53580ba4

SHA-256:
aaa98a5d8134598704062d4ccb545f25a841409e143ac81ac965837b57930316

Scanner detections:
14 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 6:49:56 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | Riskware.SniffPass | 7.1.1 |
| avast! | Win32:Vitro | 2014.9-160706 |
| AVG | Luhe.Gen.B | 2017.0.2690 |
| Clam AntiVirus | Win.Trojan.Agent-568630 | 0.98/21511 |
| ESET NOD32 | Win32/Sniffer.SniffPass.B potentially unsafe (variant) | 10.12223 |
| Fortinet FortiGate | W32/Virut.CE | 7/6/2016 |
| F-Prot | W32/SuspPack.FW.gen | v6.4.7.1.166 |
| IKARUS anti.virus | Win32.SuspectCrc | t3scan.1.9.5.0 |
| K7 AntiVirus | Trojan | 13.2017152 |
| Kaspersky | UDS:DangerousObject.Multi.Generic | 14.0.0.-54 |
| NANO AntiVirus | Trojan.Win32.Agent.bnzxeo | 0.30.24.3283 |
| Panda Antivirus | Trj/Genetic.gen | 16.07.06.06 |
| Vba32 AntiVirus | Trojan.Genome.ai | 3.12.26.4 |
| Zillya! Antivirus | Trojan.Genome.Win32.137609 | 2.0.0.2392 |

File size:
427 KB (437,217 bytes)

Product version:
2.54

Copyright:
Copyright ⓒ 2009 - 2010 Dustin

Original file name:
DustinP.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\더스틴스니퍼.exe

File PE Metadata

Compilation timestamp:
8/2/1996 12:49:59 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
3072:TlBLutcd1ll0UjoDQu2ySNN/3yGdjWeQ1lyq1wfT:TvPfl4vSbCd1lyq1Q

Entry address:
0x10076

Entry point:
6A, 70, 68, 50, 14, 41, 00, E8, E2, 01, 00, 00, 33, DB, 53, 8B, 3D, 7C, 10, 41, 00, FF, D7, 66, 81, 38, 4D, 5A, 75, 1F, 8B, 48, 3C, 03, C8, 81, 39, 50, 45, 00, 00, 75, 12, 0F, B7, 41, 18, 3D, 0B, 01, 00, 00, 74, 1F, 3D, 0B, 02, 00, 00, 74, 05, 89, 5D, E4, EB, 27, 83, B9, 84, 00, 00, 00, 0E, 76, F2, 33, C0, 39, 99, F8, 00, 00, 00, EB, 0E, 83, 79, 74, 0E, 76, E2, 33, C0, 39, 99, E8, 00, 00, 00, 0F, 95, C0, 89, 45, E4, 89, 5D, FC, 6A, 02, FF, 15, 80, 13, 41, 00, 59, 83, 0D, EC, 67, 41, 00, FF, 83, 0D, F0, 67...
Entropy:
4.1979

Developed / compiled with:
Microsoft Visual C++ v7.1

Code size:
61.5 KB (62,976 bytes)

The file 더스틴스니퍼.exe has been seen being distributed by the following URL.
