home

dts.exe

新浪大天使之剑

江苏极光网络技术有限公司

The executable dts.exe has been detected as malware by 1 anti-virus scanner.
Publisher:
江苏极光网络技术有限公司  (signed and verified)

Product:
新浪大天使之剑

Version:
3, 0, 0, 0

MD5:
e171bffd94e184df05c7b7e36818e2e4

SHA-1:
518a38e69da61e4af8b4dbc72162021459e8b8d4

SHA-256:
685755e31f4389e94f0ec1f93b30daaf2866002e7666d9f4ad48c49c09d18112

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
9/27/2024 6:25:55 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Threat.Win.Reputation.IMP
16.9.20.7

File size:
1.4 MB (1,459,400 bytes)

Product version:
3, 0, 0, 0

Copyright:
Copyright (C) 2013-2014

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Common path:
C:\users\{user}\appdata\roaming\weibo\dts\dts.exe

Digital Signature
Signed by:
江苏极光网络技术有限公司

Authority:
WoSign CA Limited

Valid from:
5/28/2014 9:51:16 AM

Valid to:
5/28/2016 9:51:16 AM

Subject:
CN=江苏极光网络技术有限公司, E=avayn@126.com, O=江苏极光网络技术有限公司, L=淮安市, S=江苏省, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
4ED44E06E4894601FA5EF5B0BDDD5A36

File PE Metadata
Compilation timestamp:
7/30/2014 5:21:25 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:+fuImC/tySrfbs2S9UH0WuoiN6lYClzKYBYFt10F+LlxRIZ2rDJ1VY8Qo:+tDrfbbEZoqMYYzD6F/YoRg2fJ1Veo

Entry address:
0x2C59D

Entry point:
E8, C4, D5, 00, 00, E9, 79, FE, FF, FF, CC, 68, 10, C6, 42, 00, 64, FF, 35, 00, 00, 00, 00, 8B, 44, 24, 10, 89, 6C, 24, 10, 8D, 6C, 24, 10, 2B, E0, 53, 56, 57, A1, A0, 31, 45, 00, 31, 45, FC, 33, C5, 50, 89, 65, E8, FF, 75, F8, 8B, 45, FC, C7, 45, FC, FE, FF, FF, FF, 89, 45, F8, 8D, 45, F0, 64, A3, 00, 00, 00, 00, C3, 8B, 4D, F0, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, C3, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, 83, EC, 18, 53, 8B, 5D, 0C, 56...
 
[+]

Entropy:
7.6894

Code size:
269 KB (275,456 bytes)

Remove dts.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.