dpinst32.exe

Programme d'installation du package de pilotes (DPInst)

LionSea Software co., ltd

While the file properties state the file is developed by 'Microsoft Corporation', this is not the case and it is designed just to look like a legitimate Microsoft system file. The application dpinst32.exe, “Programme d'installation du package de pilotes” by LionSea Software co., ltd has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup and installation application and has been known to bundle potentially unwanted software.
Publisher:
Microsoft Corporation  (signed by LionSea Software co., ltd)

Product:
Programme d'installation du package de pilotes (DPInst)

Description:
Programme d'installation du package de pilotes

Version:
2.1

MD5:
2f8468bfe6ed2c1e9850bb57d5bd01ca

SHA-1:
79fe611016df932535bd7ddc69272495e7f68d96

SHA-256:
b06e919d6e5b24e934c3deb21729ab0662c6c53aadb119596e9f2e883ef448ae

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
12/24/2024 12:39:09 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.LionSea (M)
16.8.6.13

File size:
928.3 KB (950,567 bytes)

Product version:
2.1

Copyright:
© Microsoft Corporation. Tous droits réservés.

Original file name:
DPInst.exe.mui

File type:
Executable application (Win32 EXE)

Language:
French (France)

Common path:
C:\Program Files\drivertuner\dpinst32.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
5/18/2016 12:00:00 AM

Valid to:
7/17/2019 11:59:59 PM

Subject:
CN="LionSea Software co., ltd", O="LionSea Software co., ltd", L=beijing, S=beijing, C=CN

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
59ACFBA6E3C65985E3C197DEF1765A78

File PE Metadata
Compilation timestamp:
10/16/2006 11:47:22 PM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
12288:qc1tPtCsOsCn01g6L9aPM26OP+6RYFhbb:qe9Bknlo9aPT+66Fhb

Entry address:
0x213B9

Entry point:
BB, AE, 48, 14, 4F, 93, E9, 20, 01, 00, 00, 16, BC, 1F, 1B, C7, 4B, 1F, 1B, 57, BC, AB, 9F, 9F, 1F, 9F, 9F, BA, 9F, 9F, 9F, FE, D0, D5, D0, CF, D0, D8, D6, D5, 9F, 9F, 9F, 13, 00, 19, 04, 01, 00, 0C, 00, CD, 03, 0B, 0B, 9F, 9F, 9F, 9F, FB, 9F, 9F, 9F, E5, 11, 04, 04, EB, 08, 01, 11, 00, 11, 18, 9F, E2, 11, 04, 00, 13, 04, E3, 08, 11, 04, 02, 13, 0E, 11, 18, E0, 9F, 9F, 9F, 9F, E6, 04, 13, F6, 08, 0D, 03, 0E, 16, 12, E3, 08, 11, 04, 02, 13, 0E, 11, 18, E0, 9F, 9F, 9F, 9F, E6, 04, 13, EC, 0E, 03, 14, 0B, 04...
 
[+]

Code size:
391 KB (400,384 bytes)

Remove dpinst32.exe - Powered by Reason Core Security