dicter.exe

Dicter Setup

ITVA LLC

The application dicter.exe by ITVA has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup and installation application and has been known to bundle potentially unwanted software. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from download.dicter.ru.
Publisher:
ITVA LLC  (signed and verified)

Product:
Dicter Setup

Version:
3.75.0.6

MD5:
449a1ec8cc7efc2c11729711d67834da

SHA-1:
330342448233d0bbcbb9ab39b3100f28e9bd0dac

SHA-256:
02024fc8e73207eb5221b3e1332d95cb30e49b99f947fc1022004f382fa4b28e

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/14/2024 10:58:44 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.iTVA.Installer (M)

Engine version:
16.5.15.17

File size:
1.4 MB (1,506,072 bytes)

Product version:
3.75

Copyright:
ITVA LLC

Trademarks:
Dicter is a Trademark of ITVA, LLC.

Original file name:
DicterSetup.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\dicter.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
2/4/2016 6:06:48 PM

Valid to:
2/4/2017 6:06:48 PM

Subject:
CN=ITVA LLC, O=ITVA LLC, STREET="Parhomenko pr., 27/2 lit. A, office 6-N", L=Saint Petersburg, S=Saint Petersburg, C=RU, OID.1.3.6.1.4.1.311.60.2.1.2=Saint Petersburg, OID.1.3.6.1.4.1.311.60.2.1.3=RU, SERIALNUMBER=1107847001591, OID.2.5.4.15=Private Organization

Issuer:
CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11212B8A6E2DA8A9954B83F4099B3336DAD1

File PE Metadata
Compilation timestamp:
4/3/2016 11:39:23 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.56

CTPH (ssdeep):
24576:aYGhpll/QoTgTdFz1Nmj/OSHQu5JWi8Q88UYgyuXNZiTOCOp3M1DrKe:ROCoTekjwKJ/8otgNpxM9rr

Entry address:
0x3A0D

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, 98, 01, 00, 00, 68, 01, 80, 00, 00, E8, A1, 47, 00, 00, 83, C4, 0C, E8, A1, 47, 00, 00, 66, 83, F8, 06, 74, 1E, 83, EC, 0C, 6A, 00, E8, A6, 2A, 00, 00, 83, C4, 0C, 85, C0, 74, 0D, 83, EC, 0C, 68, 00, 0C, 00, 00, FF, D0, 83, C4, 0C, BB, 40, A3, 40, 00, EB, 16, 83, EC, 0C, 53, E8, 1A, 2A, 00, 00, 53, E8, 6F, 47, 00, 00, 83, C4, 0C, 8D, 5C, 03, 01, 80, 3B, 00, 75, E5, 83, EC, 0C, 6A, 09, E8, 66, 2A, 00, 00, 6A, 07, E8, 5F, 2A, 00, 00, 83, C4, 0C, A3, 28, 45, 42, 00, E8, D5, 4A...

Code size:
29.5 KB (30,208 bytes)

The file dicter.exe has been seen being distributed by the following URL.
