더스틴스니퍼.exe

DustinP

NGO

The executable 더스틴스니퍼.exe has been detected as malware by 23 anti-virus scanners.
Publisher:
http://dustin.gg.gg  (signed by NGO)

Product:
DustinP

Version:
2.54

MD5:
6bf83ea726bc284d70e0658498d36cd8

SHA-1:
7d0d00a0cdb3666933182abcd301f9de676f5823

SHA-256:
59306046e3202d85861f255323d54fa67bb1fe4ef24f9bc656a70b9f6c3135aa

Scanner detections:
23 / 68

Status:
Malware

Analysis date:
4/29/2024 1:54:44 AM UTC

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Strictor.78291
440

Agnitum Outpost
Win32.Virut.Y.Gen
7.1.1

Avira AntiVirus
W32/Virut.Gen
8.3.1.6

Arcabit
Trojan.Strictor.D131D3
1.0.0.425

avast!
Win32:Vitro
2014.9-151122

AVG
Win32/Virut
2016.0.2918

Bitdefender
Gen:Variant.Strictor.78291
1.0.20.1630

Clam AntiVirus
Win.Trojan.Agent-568630
0.98/21511

Comodo Security
Virus.Win32.Virut.Ce
22569

Emsisoft Anti-Malware
Gen:Variant.Strictor.78291
8.15.11.22.09

ESET NOD32
Win32/Sniffer.SniffPass.B potentially unsafe (variant)
9.11841

Fortinet FortiGate
W32/Virut.CE
11/22/2015

F-Secure
Gen:Variant.Strictor.78291
11.2015-22-11_1

G Data
Gen:Variant.Strictor.78291
15.11.25

K7 AntiVirus
Trojan
13.205.16353

McAfee
W32/Virut.rem.G
5600.6574

MicroWorld eScan
Gen:Variant.Strictor.78291
16.0.0.978

NANO AntiVirus
Trojan.Win32.Agent.bnzxeo
0.30.24.2266

Panda Antivirus
Trj/Genetic.gen
15.11.22.09

Rising Antivirus
PE:Win32.Virut.cy!1556235
23.00.65.151120

Vba32 AntiVirus
Trojan.Genome.ai
3.12.26.4

VIPRE Antivirus
Trojan.Win32.Generic
41432

Zillya! Antivirus
Trojan.Genome.Win32.137609
2.0.0.2252

File size:
322 KB (329,728 bytes)

Product version:
2.54

Copyright:
Copyright ⓒ 2009 - 2010 Dustin

Original file name:
DustinP.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\??????.exe

Digital Signature
Signed by:

Authority:
NGO

Valid from:
2/7/2015 8:44:24 PM

Valid to:
1/1/2040 8:59:59 AM

Subject:
CN=NGO

Issuer:
CN=NGO

Serial number:
1C92A145F75775B2470A77F97AA9AF04

File PE Metadata
Compilation timestamp:
12/28/2038 9:22:16 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
1536:YTcGpufPk+1TBLutl2da2lSlcfYqwBWjZ+DQwney2yUCKNNPzjwUyGB7nECNkNyr:zlBLutcd1ll0UjoDQu2ySNN/3yGdjWw

Entry address:
0x10076

Entry point:
6A, 70, 68, 50, 14, 41, 00, E8, E2, 01, 00, 00, 33, DB, 53, 8B, 3D, 7C, 10, 41, 00, FF, D7, 66, 81, 38, 4D, 5A, 75, 1F, 8B, 48, 3C, 03, C8, 81, 39, 50, 45, 00, 00, 75, 12, 0F, B7, 41, 18, 3D, 0B, 01, 00, 00, 74, 1F, 3D, 0B, 02, 00, 00, 74, 05, 89, 5D, E4, EB, 27, 83, B9, 84, 00, 00, 00, 0E, 76, F2, 33, C0, 39, 99, F8, 00, 00, 00, EB, 0E, 83, 79, 74, 0E, 76, E2, 33, C0, 39, 99, E8, 00, 00, 00, 0F, 95, C0, 89, 45, E4, 89, 5D, FC, 6A, 02, FF, 15, 80, 13, 41, 00, 59, 83, 0D, EC, 67, 41, 00, FF, 83, 0D, F0, 67...
 

Entropy:
4.3602

Developed / compiled with:
Microsoft Visual C++ v7.1

Code size:
61.5 KB (62,976 bytes)
