dpinst32.exe

Programme d'installation du package de pilotes (DPInst)

LionSea Software co., ltd

While the file properties state that the file was developed by 'Microsoft Corporation', this is not the case; it is designed to look like a legitimate Microsoft system file. The application dpinst32.exe, “Programme d'installation du package de pilotes” by LionSea Software co., ltd, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. This is a setup and installation application and has been known to bundle potentially unwanted software.

Publisher:
Microsoft Corporation  (signed by LionSea Software co., ltd)

Product:
Programme d'installation du package de pilotes (DPInst)

Description:
Programme d'installation du package de pilotes

Version:
2.1

MD5:
2f8468bfe6ed2c1e9850bb57d5bd01ca

SHA-1:
79fe611016df932535bd7ddc69272495e7f68d96

SHA-256:
b06e919d6e5b24e934c3deb21729ab0662c6c53aadb119596e9f2e883ef448ae

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/23/2024 2:52:06 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.LionSea (M)

Engine version:
16.8.6.13

File size:
928.3 KB (950,567 bytes)

Product version:
2.1

Copyright:
© Microsoft Corporation. Tous droits réservés.

Original file name:
DPInst.exe.mui

File type:
Executable application (Win32 EXE)

Language:
French (France)

Common path:
C:\Program Files\drivertuner\dpinst32.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
5/18/2016 12:00:00 AM

Valid to:
7/17/2019 11:59:59 PM

Subject:
CN="LionSea Software co., ltd", O="LionSea Software co., ltd", L=beijing, S=beijing, C=CN

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
59ACFBA6E3C65985E3C197DEF1765A78

File PE Metadata
Compilation timestamp:
10/16/2006 11:47:22 PM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
12288:qc1tPtCsOsCn01g6L9aPM26OP+6RYFhbb:qe9Bknlo9aPT+66Fhb

Entry address:
0x213B9

Entry point:
BB, AE, 48, 14, 4F, 93, E9, 20, 01, 00, 00, 16, BC, 1F, 1B, C7, 4B, 1F, 1B, 57, BC, AB, 9F, 9F, 1F, 9F, 9F, BA, 9F, 9F, 9F, FE, D0, D5, D0, CF, D0, D8, D6, D5, 9F, 9F, 9F, 13, 00, 19, 04, 01, 00, 0C, 00, CD, 03, 0B, 0B, 9F, 9F, 9F, 9F, FB, 9F, 9F, 9F, E5, 11, 04, 04, EB, 08, 01, 11, 00, 11, 18, 9F, E2, 11, 04, 00, 13, 04, E3, 08, 11, 04, 02, 13, 0E, 11, 18, E0, 9F, 9F, 9F, 9F, E6, 04, 13, F6, 08, 0D, 03, 0E, 16, 12, E3, 08, 11, 04, 02, 13, 0E, 11, 18, E0, 9F, 9F, 9F, 9F, E6, 04, 13, EC, 0E, 03, 14, 0B, 04...
 

Code size:
391 KB (400,384 bytes)
