DTLite.exe

DAEMON Tools Lite

Disc Soft Ltd

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘DAEMON Tools Lite’.

Publisher:
Disc Soft Ltd

Product:
DAEMON Tools Lite

Version:
4.49.1.0356

MD5:
5ff7b0d9277c2d30863a86b1c2780ee8

SHA-1:
284dec7a1f590a1806e077bc46baf1d6a675239a

SHA-256:
4af824ea6bc8b2afb1ec9b06bd9a86559d98d9e84ca0f0e53e1ab873bb546506

Scanner detections:
4 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
12/26/2024 12:52:39 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AegisLab AV Signature | Heur.Advml.Gen!c | 2.1.4+ |
| avast! | Win32:Sality | 2014.9-170108 |
| McAfee | Artemis!5FF7B0D9277C | 5600.6161 |
| Qihoo 360 Security | HEUR/QVM10.1.F601.Malware.Gen | 1.0.0.1120 |

File size:
3.5 MB (3,691,008 bytes)

Product version:
4.49.1.0356

Copyright:
© 2000-2013 Disc Soft Ltd.

Original file name:
DTLite.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\daemon tools lite\dtlite.exe

File PE Metadata
Compilation timestamp:
3/4/2014 4:19:46 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

Entry address:
0x15CFEC

Entry point:
E8, 87, 7E, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 53, 8B, 45, 0C, 83, C0, 0C, 89, 45, FC, 64, 8B, 1D, 00, 00, 00, 00, 8B, 03, 64, A3, 00, 00, 00, 00, 8B, 45, 08, 8B, 5D, 0C, 8B, 6D, FC, 8B, 63, FC, FF, E0, 5B, C9, C2, 08, 00, 58, 59, 87, 04, 24, FF, E0, 8B, FF, 55, 8B, EC, 51, 51, 53, 56, 57, 64, 8B, 35, 00, 00, 00, 00, 89, 75, FC, C7, 45, F8, 5A, D0, 55, 00, 6A, 00, FF, 75, 0C, FF, 75, F8, FF, 75, 08, E8, 64, C3, 01, 00, 8B, 45, 0C, 8B, 40, 04, 83, E0, FD, 8B, 4D, 0C, 89, 41, 04, 64, 8B, 3D...
 

Entropy:
6.6676

Code size:
1.6 MB (1,639,936 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
DAEMON Tools Lite

Command:
"C:\Program Files\daemon tools lite\dtlite.exe" -autorun


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to ip-static-94-242-254-192.server.lu  (94.242.254.192:443)

Scan DTLite.exe - Powered by Reason Core Security