dsii installer.exe

DataDownloader

The executable dsii installer.exe has been detected as malware by 15 anti-virus scanners. While running, it connects to the Internet address node01.tmdhosting118.com on port 80 using the HTTP protocol.

Publisher:
Microsoft*  (Invalid match)

Product:
DataDownloader

Version:
1.0.0.0

MD5:
394422cfc6832b3cbf591f13141c1f9f

SHA-1:
40d5884feb3249a9fb5be30ae6f209184ffa5675

SHA-256:
c748e3c1825a257d7765ece93cb6a47a04c13ce73424fc00a987ea65156a0f22

Scanner detections:
15 / 68

Status:
Malware

Analysis date:
11/27/2024 12:48:49 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.GenericKD.1935412 | 442 |
| Agnitum Outpost | Trojan.DR.MSIL | 7.1.1 |
| Avira AntiVirus | TR/Dropper.MSIL.88600 | 7.11.213.4 |
| avast! | MSIL:GenMalicious-ATL [Trj] | 2014.9-151120 |
| AVG | MSIL5 | 2016.0.2920 |
| Bitdefender | Trojan.GenericKD.1935412 | 1.0.20.1620 |
| Emsisoft Anti-Malware | Trojan.GenericKD.1935412 | 8.15.11.20.02 |
| F-Secure | Trojan.GenericKD.1935412 | 11.2015-20-11_6 |
| G Data | Trojan.GenericKD.1935412 | 15.11.25 |
| IKARUS anti.virus | Win32.SuspectCrc | t3scan.1.8.6.0 |
| McAfee | Artemis!394422CFC683 | 5600.6576 |
| MicroWorld eScan | Trojan.GenericKD.1935412 | 16.0.0.972 |
| Norman | Troj_Generic.XXOWX | 11.20151120 |
| nProtect | Trojan.GenericKD.1935412 | 15.02.27.01 |
| VIPRE Antivirus | Trojan.Win32.Generic | 38014 |

File size:
35.5 KB (36,352 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © Microsoft 2014

Original file name:
DataDownloader.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\dsii installer.exe

File PE Metadata
Compilation timestamp:
10/5/2014 10:47:38 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
384:lgidhZBp3VNRH16YY1cruc1XGhCii3rQXKliQcLf+P/9B47UwERcjZUctAhjPDC0:7d/ZK6WhCiAkXLQcDS/bGUw6PQ+Pd

Entry address:
0xA232

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
5.7034

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
33 KB (33,792 bytes)

The running file has been observed making the following network connections in live environments.

TCP (HTTP):
Connects to node01.tmdhosting118.com  (173.236.19.82:80)
