DLLSuite.exe

DLLSuite

VskSoft

The executable DLLSuite.exe has been detected as malware by 17 anti-virus scanners. It is configured to run automatically whenever any user logs into Windows, through a machine-wide Run registry entry named 'DLLSuite2016'. While running, it connects to the Internet address a2.a4.a86c.ip4.static.sl-reverse.com on port 8090.
Publisher:
VskSoft

Product:
DLLSuite

Version:
9.0.0.2190

MD5:
b57906d6ace088490f8e60ac081b6da4

SHA-1:
ff7df3e73fed9ee4c1c63b6eb587d6e6e8612fdc

SHA-256:
a39098ec6cf91b7eabcddb3b939af48f3b5e281f441784d3866ad43bc600066d

Scanner detections:
17 / 68

Status:
Malware

Analysis date:
11/24/2024 10:17:08 PM UTC

Scan engine             Detection                 Engine version
Lavasoft Ad-Aware       Gen:Variant.Symmi.26372   429
Agnitum Outpost         Packed/NSPack             7.1.1
Arcabit                 Trojan.Symmi.D6704        1.0.0.627
AVG                     Proxy                     2016.0.2907
Bitdefender             Gen:Variant.Symmi.26372   1.0.20.1680
Bkav FE                 W32.HfsAutoB              1.3.0.7383
Comodo Security         Packed.Win32.MNSP.Gen     23690
Emsisoft Anti-Malware   Gen:Variant.Symmi.26372   8.15.12.02.12
F-Prot                  W32/Heuristic-210         v6.4.7.1.166
F-Secure                Gen:Variant.Symmi.26372   11.2015-02-12_4
G Data                  Gen:Variant.Symmi.26372   15.12.25
K7 AntiVirus            Trojan                    13.212.18027
MicroWorld eScan        Gen:Variant.Symmi.26372   16.0.0.1008
Qihoo 360 Security      HEUR/QVM12.0.Malware.Gen  1.0.0.1077
Trend Micro House Call  Mal_MLWR-24               7.2.336
Trend Micro             Mal_MLWR-24               10.465.02
VIPRE Antivirus         Packer.NSAnti.Gen         45562

File size:
2.2 MB (2,296,798 bytes)

Product version:
9.0

Original file name:
DLLSuite.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\dll suite\dllsuite.exe

File PE Metadata
Compilation timestamp:
11/30/2015 1:27:17 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:1t7uJfCWcXfcfG3Bb3xlNmQHG13b3ldHNyMYbkpa:1lUfFcPwABLzGr7HNyMY+a

Entry address:
0x707A77

Entry point:
9C, 60, E8, 00, 00, 00, 00, 5D, B8, 07, 00, 00, 00, 2B, E8, 8D, B5, BD, F7, FF, FF, 66, 8B, 06, 66, 83, F8, 00, 74, 15, 8B, F5, 8D, B5, E5, F7, FF, FF, 66, 8B, 06, 66, 83, F8, 01, 0F, 84, 42, 02, 00, 00, C6, 06, 01, 8B, D5, 2B, 95, 79, F7, FF, FF, 89, 95, 79, F7, FF, FF, 01, 95, A9, F7, FF, FF, 8D, B5, ED, F7, FF, FF, 01, 16, 60, 6A, 40, 68, 00, 10, 00, 00, 68, 00, 10, 00, 00, 6A, 00, FF, 95, 21, F8, FF, FF, 85, C0, 0F, 84, 6A, 03, 00, 00, 89, 85, A1, F7, FF, FF, E8, 00, 00, 00, 00, 5B, B9, 68, 03, 00, 00...

Entropy:
7.7728

Packer / compiler:
NsPacK V3.0

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
DLLSuite2016

Command:
C:\Program Files\dll suite\dllsuite.exe

The executing file has been seen to make the following network communication in live environments.

TCP:
Connects to a2.a4.a86c.ip4.static.sl-reverse.com (108.168.164.162:8090)

Remove DLLSuite.exe - Powered by Reason Core Security