DLLFilesClient.exe

DLL-files.com Client

Tilf AB

The application DLLFilesClient.exe by Tilf AB has been detected as a potentially unwanted program (PUP) by 1 of 68 anti-malware scanners. The single detection is heuristic (PUP.Optional.TilfAB); the other 67 engines report the file clean, so on its own it is a weak signal. The file is a code-signed .NET executable: the signing certificate was issued to Tilf AB by GoDaddy and expired on 4/29/2019, so whether the signature still validates at the analysis date depends on a timestamp countersignature that this report does not show.
Publisher:
DLL-files.com (signed by Tilf AB)

Product:
DLL-files.com Client

Version:
2.1.1000.4462

MD5:
266e85d51e03c056b47925c0d85a5dfb

SHA-1:
f74f9adac6a059b9145dac99e4b8e12f75f428d2

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 5:13:51 AM UTC

Scan engine          Detection              Engine version
Reason Heuristics    PUP.Optional.TilfAB    16.11.2.14

File size:
3.3 MB (3,489,728 bytes)

Product version:
2.1.1000.4462

Copyright:
Copyright © 2016

Original file name:
DLLFilesClient.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\dll-files.com client\dllfilesclient.exe

Digital Signature
Signed by:
Tilf AB
Authority:
GoDaddy.com, Inc.

Valid from:
4/29/2016 1:40:38 PM

Valid to:
4/29/2019 1:40:38 PM

Subject:
CN=Tilf AB, O=Tilf AB, L=Malmö, S=Skåne, C=SE

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
72C23F70C1A11BC0

File PE Metadata
Compilation timestamp:
10/28/2016 12:56:14 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
98304:+isuvNROg4uvNauvNkuvNquvN4O55uvNnuvNGu/N1:5s79B7a8JG

Entry address:
0x317BDE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 03, 00, 00, 00, 30, 00, 00, 80, 0E, 00, 00, 00, 90, 00, 00, 80, 10, 00, 00, 00, A8, 00, 00, 80, 18, 00, 00, 00, C0, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 0A, 00, 02, 00, 00, 00, D8, 00, 00, 80, 03, 00, 00, 00, F0, 00, 00, 80, 04, 00, 00, 00, 08, 01, 00, 80, 05, 00, 00, 00, 20, 01...
 

Entropy:
6.4073

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
3.1 MB (3,234,816 bytes)
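
To reproduce the PE metadata fields above (compile timestamp, OS and linker versions, subsystem, entry point bytes, CLR dependency, code size) together with file size, MD5, SHA-1 and entropy from a local copy of a file, here is an added example in stdlib-only Python; it is not the scanner's or Tilf AB's code. It parses the DOS, COFF, optional and section headers directly and, so that it runs offline, is exercised against a constructed minimal PE32 image whose field values (linker 11.0, OS 4.0, GUI subsystem, a CLR directory entry, the FF 25 00 20 40 00 entry stub, a 2016-10-28 timestamp) are assumed for the demonstration. The entry stub is worth reading: FF 25 is an absolute indirect jmp, and on a .NET PE32 its operand is the IAT slot for mscoree!_CorExeMain, which is why the entry point bytes in this report look like a one-instruction trampoline rather than real code.

```python
"""Recompute the header fields a scanner report shows for a Windows PE.

Added example (not the scanner's or the publisher's code), stdlib only.
Runs on a constructed minimal PE32 image so it works offline; point
summarize_file() at a real file to get the same fields for it.
"""
import hashlib
import math
import struct
from datetime import datetime, timezone

CLR_DIRECTORY = 14      # IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR: non-zero => .NET CLR dependent
SUBSYSTEMS = {2: "Windows GUI", 3: "Windows CUI"}
MACHINES = {0x14C: "Win32 (i386)", 0x8664: "x64"}


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0..8.0), the report's 'Entropy' field."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def rva_to_offset(sections, rva):
    """Map a relative virtual address to a file offset via the section table."""
    for va, vsize, raw_size, raw_ptr in sections:
        if va <= rva < va + max(vsize, raw_size):
            return rva - va + raw_ptr
    raise ValueError(f"RVA {rva:#x} not backed by any section")


def parse_pe(data: bytes) -> dict:
    """Parse DOS/COFF/optional headers and the section table of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]                  # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    machine, nsect, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe + 4)
    opt = pe + 24                                                  # IMAGE_OPTIONAL_HEADER
    magic, lnk_major, lnk_minor = struct.unpack_from("<HBB", data, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError(f"unknown optional header magic {magic:#x}")
    code_size, = struct.unpack_from("<I", data, opt + 4)          # SizeOfCode
    entry_rva, = struct.unpack_from("<I", data, opt + 16)         # AddressOfEntryPoint
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem, = struct.unpack_from("<H", data, opt + 68)
    # PE32+ has 8-byte stack/heap fields, so its data directories start 16 bytes later
    dirs = opt + (96 if magic == 0x10B else 112)
    ndirs, = struct.unpack_from("<I", data, dirs - 4)
    clr_va = struct.unpack_from("<I", data, dirs + CLR_DIRECTORY * 8)[0] if ndirs > CLR_DIRECTORY else 0
    sections = []
    for i in range(nsect):
        _, vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, opt + opt_size + i * 40)
        sections.append((va, vsize, raw_size, raw_ptr))
    entry_off = rva_to_offset(sections, entry_rva)
    entry_bytes = data[entry_off:entry_off + 6]
    # .NET PE32 entry stub: FF 25 <addr> = jmp dword ptr [IAT slot of mscoree!_CorExeMain]
    jmp_target = struct.unpack_from("<I", entry_bytes, 2)[0] if entry_bytes[:2] == b"\xff\x25" else None
    return {
        "machine": MACHINES.get(machine, f"{machine:#x}"),
        "bitness": "PE32" if magic == 0x10B else "PE32+",
        "compile_time": datetime.fromtimestamp(ts, timezone.utc).isoformat(),
        "linker_version": f"{lnk_major}.{lnk_minor}",
        "os_version": f"{os_major}.{os_minor}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "entry_rva": entry_rva,
        "entry_bytes": entry_bytes.hex(" ").upper(),
        "entry_jmp_target": jmp_target,
        "code_size": code_size,
        "dotnet": clr_va != 0,
    }


def summarize(data: bytes) -> dict:
    """parse_pe() plus the file-level fields (size, hashes, entropy)."""
    info = parse_pe(data)
    info.update(size=len(data), md5=hashlib.md5(data).hexdigest(),
                sha1=hashlib.sha1(data).hexdigest(), entropy=round(entropy(data), 4))
    return info


def summarize_file(path: str) -> dict:
    with open(path, "rb") as f:
        return summarize(f.read())


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 image (assumed values, not a real program)."""
    ts = 1477659374                                            # 2016-10-28 12:56:14 UTC
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                    # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, ts, 0, 0, 224, 0x0102)  # i386, 1 section, EXE|32BIT
    opt = bytearray(224)
    struct.pack_into("<HBB", opt, 0, 0x10B, 11, 0)             # PE32 magic, linker 11.0
    struct.pack_into("<I", opt, 4, 0x200)                      # SizeOfCode
    struct.pack_into("<II", opt, 16, 0x2000, 0x2000)           # AddressOfEntryPoint, BaseOfCode
    struct.pack_into("<III", opt, 28, 0x400000, 0x2000, 0x200) # ImageBase, SectionAlign, FileAlign
    struct.pack_into("<HH", opt, 40, 4, 0)                     # OS version 4.0
    struct.pack_into("<HH", opt, 48, 4, 0)                     # subsystem version
    struct.pack_into("<II", opt, 56, 0x4000, 0x200)            # SizeOfImage, SizeOfHeaders
    struct.pack_into("<H", opt, 68, 2)                         # Windows GUI
    struct.pack_into("<I", opt, 92, 16)                        # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + CLR_DIRECTORY * 8, 0x2008, 0x48)  # CLR header present
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x2000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    headers = (dos + b"PE\0\0" + coff + opt + sect).ljust(0x200, b"\0")
    text = bytes.fromhex("FF 25 00 20 40 00").ljust(0x200, b"\0")  # jmp dword ptr [0x402000]
    return bytes(headers + text)


if __name__ == "__main__":
    for key, value in summarize(build_sample_pe()).items():
        print(f"{key:>16}: {value}")
```

Run it against a real copy with summarize_file(path) and compare the MD5/SHA-1 with the values published above before trusting the rest of the report for that file; a hash mismatch means you are looking at a different build, and the signature and metadata fields here do not apply to it.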

The executing file has been seen to make the following network communications in live environments. The *.secureserver.net hosts belong to GoDaddy, the issuer of the signing certificate, and port-80 connections to them are consistent with the CRL/OCSP revocation checks Windows performs when it validates the signature. The remaining port-80 destinations have generic ISP reverse-DNS names rather than publisher infrastructure and are the connections worth inspecting in a sandbox.

TCP (HTTP SSL):
Connects to ec2-52-203-251-141.compute-1.amazonaws.com  (52.203.251.141:443)

TCP (HTTP):
Connects to sg2plpkivs-v01.any.prod.sin2.secureserver.net  (182.50.136.237:80)

TCP (HTTP):
Connects to a1plpkivs-v03.any.prod.ash1.secureserver.net  (72.167.239.239:80)

TCP (HTTP):
Connects to host-213.158.175.91.tedata.net  (213.158.175.91:80)

TCP (HTTP):
Connects to ch4plpkivs-v03.any.prod.ord1.secureserver.net  (50.63.243.230:80)

TCP (HTTP):
Connects to etg-01-011.etg.ras.cantv.net  (200.44.26.11:80)

TCP (HTTP):
Connects to a88-221-15-75.deploy.akamaitechnologies.com  (88.221.15.75:80)

TCP (HTTP):
Connects to www.turktelekom.com.tr  (195.175.116.64:80)

TCP (HTTP):
Connects to static-217.255.200.49-tataidc.co.in  (49.200.255.217:80)

TCP (HTTP):
Connects to static.vnpt.vn  (113.171.230.102:80)

TCP (HTTP):
Connects to sg2plpkivs-v03.any.prod.sin2.secureserver.net  (182.50.136.239:80)

TCP (HTTP):
Connects to n1plpkivs-v03.any.prod.ams1.secureserver.net  (188.121.36.239:80)

TCP (HTTP):
Connects to i24.158.178.82.omantel.net.om  (82.178.158.24:80)

TCP (HTTP):
Connects to host-213.158.175.75.tedata.net  (213.158.175.75:80)

TCP (HTTP):
Connects to host-213.158.175.72.tedata.net  (213.158.175.72:80)

TCP (HTTP):
Connects to host-213.158.175.35.tedata.net  (213.158.175.35:80)

TCP (HTTP):
Connects to emt200-31-210-16.emtelco.com  (200.31.210.16:80)

TCP (HTTP):
Connects to cable190-248-95-19.une.net.co  (190.248.95.19:80)

TCP (HTTP):
Connects to c9520ca8.virtua.com.br  (201.82.12.168:80)

TCP (HTTP):
Connects to a95-101-142-83.deploy.akamaitechnologies.com  (95.101.142.83:80)

Remove DLLFilesClient.exe - Powered by Reason Core Security