DTLite.exe

DAEMON TOOLS LITE

EbizNetWorks

The application DTLite.exe by EbizNetWorks has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘DAEMON Tools Lite’. While running, it connects to the Internet address cache.google.com on port 443.
Publisher:
(주)이비즈네트웍스  (signed by EbizNetWorks)

Product:
DAEMON TOOLS LITE

Version:
5.661.0.3

MD5:
20c9acb96609af1876b06aeb4d96720e

SHA-1:
2c4271212cc9bead8f314f28b68c7cfffa76f5be

SHA-256:
97fe6b80a3da47a82963d4c1a9566ffcf34b09041db6489d192a78a66ef9f1dd

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we consider this file unwanted.

Analysis date:
11/6/2024 2:13:44 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
16.11.17.7

File size:
3.9 MB (4,086,152 bytes)

Product version:
5.661.0.3

Copyright:
(c) <EbizNetWorks>. All rights reserved.

Original file name:
DTLite.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\daemon tools lite\dtlite.exe

Digital Signature
Signed by:

Authority:
Symantec Corporation

Valid from:
4/28/2016 9:00:00 AM

Valid to:
1/23/2018 8:59:59 AM

Subject:
CN=EbizNetWorks, O=EbizNetWorks, L=Gangnam-gu, S=Seoul, C=KR

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
6EAD56FB10FC05615CA954D77165999F

File PE Metadata
Compilation timestamp:
11/17/2016 9:03:52 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
98304:vUbym4S28KeTvooubylkHiZygUnA/Vwr2BnqvYd4bdd38dOcAijbffdiwGBpz2B6:8bymyp6kU0A/Vwr2Bnqb2B6

Entry address:
0x1168A1

Entry point:
E8, F0, A6, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 66, 8B, 08, 83, C0, 02, 66, 85, C9, 75, F5, 2B, 45, 08, D1, F8, 48, 5D, C3, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4...

Entropy:
6.0753

Code size:
1.2 MB (1,288,192 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
DAEMON Tools Lite

Command:
"C:\Program Files\daemon tools lite\dtlite.exe" -autorun


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to cache.google.com  (59.18.44.178:443)

TCP (HTTP):
Connects to nrt12s12-in-f202.1e100.net  (216.58.200.202:80)

TCP (HTTP):
Connects to nrt20s02-in-f10.1e100.net  (172.217.26.10:80)

TCP (HTTP):
Connects to nrt12s17-in-f10.1e100.net  (172.217.26.42:80)

TCP (HTTP):
Connects to kix05s02-in-f10.1e100.net  (216.58.199.234:80)

TCP (HTTP):
Connects to ip-static-94-242-254-192.server.lu  (94.242.254.192:80)

TCP (HTTP SSL):
Connects to hkg12s11-in-f4.1e100.net  (216.58.200.4:443)

TCP (HTTP):
Connects to hkg12s10-in-f42.1e100.net  (216.58.203.42:80)

TCP (HTTP SSL):
Connects to hkg07s23-in-f34.1e100.net  (172.217.24.34:443)

TCP (HTTP SSL):
Connects to hkg07s23-in-f33.1e100.net  (172.217.24.33:443)

TCP (HTTP SSL):
Connects to hkg07s01-in-f98.1e100.net  (216.58.221.98:443)

Powered by Reason Core Security