eType.exe

eType Application

DSNR

The application eType.exe, “eType Application” by DSNR has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘eType’.
Publisher:
DSNR Media Innovations  (signed by DSNR)

Product:
eType Application

Description:
eType Application

Version:
1.0.0.1

MD5:
b1c069ae739ca837ee142eaa37009b21

SHA-1:
8ec648ba28d13e82b48706608a50e764e2d05cf2

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
11/28/2024 12:43:48 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.DSNR.F
14.8.30.8

File size:
2.8 MB (2,917,272 bytes)

Product version:
1.0.0.1

Copyright:
© 2010-2012 DMI . All rights reserved.

Original file name:
eType.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Documents and Settings\{user}\Application data\etype\etype.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
4/16/2012 8:00:00 AM

Valid to:
4/13/2013 7:59:59 AM

Subject:
CN=DSNR, OU=DSNR labs, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=DSNR, L=Raanana, S=Israel, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
4D1A5C63FA2465BBB324D0AE2902288A

File PE Metadata
Compilation timestamp:
7/24/2012 8:43:41 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:bnObZrq0yLhussEJM4TuA41x5NMkAC1BtZQRETffW6ITJxH:bnyU0QhushJDuP16af06K

Entry address:
0xD582D

Entry point:
E8, 76, AB, 00, 00, E9, 79, FE, FF, FF, 3B, 0D, 30, 57, 57, 00, 75, 02, F3, C3, E9, F8, AB, 00, 00, 8B, FF, 55, 8B, EC, 56, 8B, 75, 14, 57, 33, FF, 3B, F7, 75, 04, 33, C0, EB, 65, 39, 7D, 08, 75, 1B, E8, 49, 66, 00, 00, 6A, 16, 5E, 89, 30, 57, 57, 57, 57, 57, E8, 30, 0A, 00, 00, 83, C4, 14, 8B, C6, EB, 45, 39, 7D, 10, 74, 16, 39, 75, 0C, 72, 11, 56, FF, 75, 10, FF, 75, 08, E8, C0, AC, 00, 00, 83, C4, 0C, EB, C1, FF, 75, 0C, 57, FF, 75, 08, E8, 2F, 6A, 00, 00, 83, C4, 0C, 39, 7D, 10, 74, B6, 39, 75, 0C, 73...
 
[+]

Entropy:
7.0281

Code size:
1.1 MB (1,126,400 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
eType

Command:
C:\Documents and Settings\{user}\Application data\etype\etype.exe


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to ec2-54-243-207-13.compute-1.amazonaws.com  (54.243.207.13:80)

Remove eType.exe - Powered by Reason Core Security