dgun.exe

2007 Microsoft Office system

Galantis MSK

Although the file's version information claims it was developed by 'Microsoft Corporation', that is not the case: the file is built to resemble a legitimate Microsoft system file. The executable dgun.exe (“2007 Microsoft Office component”) has been detected as malware by 1 anti-virus scanner. It is a setup program used to install the application. The file has been seen being downloaded from lilylily.ru.
Publisher:
Microsoft Corporation (signed by Galantis MSK)

Product:
2007 Microsoft Office system

Description:
2007 Microsoft Office component

Version:
12.0.6606.1000

MD5:
a9f91a7d8f508d601dbb4377b4489aea

SHA-1:
475f0b61169fdfaf47260c470d2825aa509641f9

SHA-256:
9c33c4f07f7acb8b8d06576c53895fbd6c25fa52637be60d4451dc3cd3ac3a4a

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/16/2024 3:49:16 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
17.1.12.1

File size:
794 KB (813,040 bytes)

Product version:
12.0.6606.1000

Copyright:
© 2006 Microsoft Corporation. All rights reserved.

Original file name:
SetLang.Exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
6/27/2016 2:00:00 AM

Valid to:
6/28/2017 1:59:59 AM

Subject:
CN=Galantis MSK, O=Galantis MSK, STREET="d. 163 korp. 1, prospekt Mira", L=Moscow, S=Moscow, PostalCode=129226, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
25391A5A8B498410563100ED497340FE

File PE Metadata
Compilation timestamp:
7/20/2016 2:57:13 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

Entry address:
0x2070

Entry point:
55, 8B, EC, 81, EC, 64, 02, 00, 00, 53, 56, 57, C6, 85, 6F, FF, FF, FF, D6, 8D, 09, 68, 8D, 20, 40, 00, C3, CD, 7F, C7, 85, C0, FE, FF, FF, 29, 00, 00, 00, 81, BD, C0, FE, FF, FF, 06, A1, 00, 00, 76, 02, EB, 23, 8B, 85, C0, FE, FF, FF, 83, C0, 15, 89, 85, C0, FE, FF, FF, 68, 70, E1, 48, 00, FF, 15, 84, 90, 48, 00, B9, C3, 01, 00, 00, 85, C9, 75, CF, 8B, 95, B4, FE, FF, FF, 8B, 8D, D4, FE, FF, FF, D3, E2, 89, 95, D4, FE, FF, FF, A1, B4, 39, 4C, 00, 50, FF, 15, 4C, 92, 48, 00, 8B, 8D, D4, FE, FF, FF, 2B, 8D...

Developed / compiled with:
Microsoft Visual C++

Code size:
542.5 KB (555,520 bytes)

The file dgun.exe has been seen being distributed by the following URL.

http://lilylily.ru/NTY7aHR0cCUzQSUyRiUyRnMxLmZpbGUtc3BhY2Uub3JnJTJGZG93biUyRk5Sd3NsLU1lbnYlMkYxNDY5MDc0MzIxJTJGMV81X3lqMVJmbFc0QTJmMGlVUG9SQSUyRjg2NDQlMkYwJTJGODY0NCUyRkRndW4uY3M7bmFtZT1EZ3VuLmNzO3NpemU9MDt0eXBlPTIxMzMxO3V0bT1leUp6YjNWeVkyVWlPaUk0TmpRMElpd2liV1ZrYVhWdElqb2lJaXdpWTI5dGNHRnBaMjRpT2lJaUxDSjBaWEp0SWpvaUlpd2lZMjl1ZEdWdWRDSTZJaUo5O3JlYWxfcmVmZXJlcj07Zm9yY2VfZmlsZT10cnVl

Remove dgun.exe - Powered by Reason Core Security