home

dws_lite.exe

Destroy Windows 10 Spying

WZT

The application dws_lite.exe by WZT has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. The file has been seen being downloaded from www.majorgeeks.com and multiple other hosts.
Publisher:
WZT  (signed and verified)

Product:
Destroy Windows 10 Spying

Version:
1.5.648.0

MD5:
eb18797e54484291b6ab2a0149802631

SHA-1:
7a644190d56cea6bb8ac49c42a838a742b50ea9d

SHA-256:
01ab1b253794d47f2fe0a4386c65d918a2552455680e3c44eef7146122a1c6e7

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 7:27:25 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.MSFree.WZT.Meta (M)
16.2.27.17

File size:
290.2 KB (297,136 bytes)

Product version:
1.5.648.0

Copyright:
Copyright © 2015

Original file name:
DWS_Lite.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\dws_lite.exe

Digital Signature
Signed by:
WZT

Authority:
WZT

Valid from:
11/7/2015 11:03:18 PM

Valid to:
1/1/2040 1:59:59 AM

Subject:
CN=WZT

Issuer:
CN=WZT

Serial number:
6E3F036C76C8039A40116967FE0586C9

File PE Metadata
Compilation timestamp:
11/7/2015 10:49:00 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:z58+qWB1+7mID1RFuZlQWvt+KrNZHmYP+gbm+BzbU:q+qWB1+7mID1RFUyWvt+K5MS7b7BvU

Entry address:
0x37CAE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
215.5 KB (220,672 bytes)

The file dws_lite.exe has been seen being distributed by the following 2 URLs.

http://www.majorgeeks.com/index.php?ct=files&action=download&

https://github.com/Nummer/Destroy-Windows-10-Spying/releases/download/.../DWS_Lite.exe

Remove dws_lite.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.