DTLite.exe

DAEMON TOOLS LITE

EbizNetWorks

The application DTLite.exe by EbizNetWorks has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address ip-static-94-242-254-192.server.lu on port 80 using the HTTP protocol.
Publisher:
(주)이비즈네트웍스  (signed by EbizNetWorks)

Product:
DAEMON TOOLS LITE

Version:
5.03.0.331

MD5:
364f3f42bdef86cfba2ca15479570f98

SHA-1:
42ea498173642823dad0d7d56a57e26b4aeaf659

SHA-256:
1e748918f77feb8008701cfa359907f3ecb71f87bbba3588a81e5d6a3917eeab

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics we consider this file unwanted.

Analysis date:
11/24/2024 5:11:52 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.EbizNetWorks (M)

Engine version:
15.12.20.15

File size:
4.7 MB (4,893,904 bytes)

Product version:
5.03.0.331

Copyright:
(c) <EbizNetWorks>. All rights reserved.

Original file name:
DTLite.exe

File type:
Executable application (Win64 EXE)

Common path:
C:\Program Files\daemon tools lite\dtlite.exe

Digital Signature
Signed by:

Authority:
Symantec Corporation

Valid from:
11/24/2015 9:00:00 AM

Valid to:
1/23/2018 8:59:59 AM

Subject:
CN=EbizNetWorks, O=EbizNetWorks, L=Gangnam-gu, S=Seoul, C=KR

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
06AF189276E836B12549E30030BFB886

File PE Metadata
Compilation timestamp:
11/25/2015 3:36:59 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
98304:R19Bjx9YIZFvwu0YO2BnqvYd4bdd38dOcAijbffdiwGBpz2Bv:PnZl/O2Bnqb2Bv

Entry address:
0x17FFC4

Entry point:
48, 83, EC, 28, E8, 4B, AE, 00, 00, 48, 83, C4, 28, E9, 12, FE, FF, FF, CC, CC, 48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 48, 8B, DA, 48, 8B, F9, 48, 85, C9, 75, 0A, 48, 8B, CA, E8, B6, E4, FF, FF, EB, 6A, 48, 85, D2, 75, 07, E8, 62, E5, FF, FF, EB, 5C, 48, 83, FA, E0, 77, 43, 48, 8B, 0D, 13, 72, 0D, 00, B8, 01, 00, 00, 00, 48, 85, DB, 48, 0F, 44, D8, 4C, 8B, C7, 33, D2, 4C, 8B, CB, FF, 15, E9, 64, 03, 00, 48, 8B, F0, 48, 85, C0, 75, 6F, 39, 05, FB, 71, 0D, 00, 74, 50, 48, 8B, CB, E8, DD...

Entropy:
6.1135

Code size:
1.7 MB (1,786,880 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ip-static-94-242-254-192.server.lu  (94.242.254.192:80)

TCP (HTTP SSL):
Connects to disc-soft.com  (217.147.90.28:443)

Remove DTLite.exe - Powered by Reason Core Security