» dinerdash.exe
Overview
Analysis
File Details

dinerdash.exe

Director MX 2004

Macromedia, Inc.

The executable dinerdash.exe, “Macromedia Projector” has been detected as malware by 36 anti-virus scanners. Infected by an entry-point obscuring polymorphic file infector which will create a peer-to-peer botnet and receives URLs of additional files to download.

File name:

dinerdash.exe

Publisher:

Macromedia, Inc.

Product:

Director MX 2004

Description:

Macromedia Projector

Version:

10.1r11

MD5:

44d973704c9642457849a354582b3edc

SHA-1:

76e167bd97c88712a198ecc0dcaef1a82f8932c8

SHA-256:

4fa20d3e1a2f82c0c2daeabf83143a2940ceea4f3e997a8ed578e549589ae3c1

Scanner detections:

36 / 68

Status:

File is infected by a Virus

Explanation:

The file is infected by a polymorphic file infector virus.

Analysis date:

4/25/2024 3:55:14 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Win32.Sality.3

926

Agnitum Outpost

Win32.Sality.BL

7.1.1

AhnLab V3 Security

Win32/Kashu.E

2014.07.24

Avira AntiVirus

W32/Sality.AT

7.11.30.172

avast!

Win32:SaliCode

140617-1

AVG

Win32/Sality

2014.0.3986

Baidu Antivirus

Virus.Win32.Sality.$Emu

4.0.3.14723

Bitdefender

Win32.Sality.3

1.0.20.1020

Bkav FE

W32.Sality.PE

1.3.0.4959

Comodo Security

Virus.Win32.Sality.Gen

18948

Dr.Web

Win32.Sector.22

9.0.1.05190

Emsisoft Anti-Malware

Win32.Sality

8.14.07.23.01

ESET NOD32

Win32/Sality.NBA virus

7.0.302.0

F-Prot

W32/Sality.gen2

4.6.5.141

F-Secure

Win32.Sality.3

11.2014-23-07_4

G Data

Win32.Sality

14.7.24

IKARUS anti.virus

Virus.Win32.Sality

t3scan.1.6.1.0

K7 AntiVirus

Virus

13.181.12819

Kaspersky

Virus.Win32.Sality

15.0.0.494

McAfee

W32/Sality.gen.z

5600.7060

Microsoft Security Essentials

Threat.Undefined

1.179.842.0

MicroWorld eScan

Win32.Sality.3

15.0.0.612

NANO AntiVirus

Virus.Win32.Sality.beygb

0.28.2.60990

Norman

Sality.A[gs]

11.20140723

nProtect

Virus/W32.Sality.D

14.07.23.01

Panda Antivirus

W32/Sality.AA

14.07.23.01

Qihoo 360 Security

Malware.QVM19.Gen

1.0.0.1015

Quick Heal

W32.Sality.U

7.14.14.00

Rising Antivirus

PE:Win32.KUKU.kt!1591113

23.00.65.14721

Sophos

Mal/Sality-D

4.98

Total Defense

Win32/Sality.AA

37.0.11076

Trend Micro House Call

PE_SALITY.RL

7.2.204

Trend Micro

PE_SALITY.RL

10.465.23

Vba32 AntiVirus

Virus.Win32.Sality.bakc

3.12.26.3

VIPRE Antivirus

Threat.4721115

31208

ViRobot

Win32.Sality.N

2011.4.7.4223

File size:

212 KB (217,088 bytes)

Product version:

10.1

Trademarks:

Director® is a registered trademark and Shockwave(tm) is a trademark of Macromedia, Inc.

Original file name:

Projector.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\diner dash\dinerdash.exe

File PE Metadata

Compilation timestamp:

9/9/2004 1:46:18 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

3072:ZtTFpJcAlTOUPVvhtlYmoJS7P+Kz9JEYm5m5dHKvfz7DeheAZrZUxsVP:zFpXOUPVvh8UaYum5dAfPDirZbP

Entry address:

0x1D000

Entry point:

86, DF, 8A, F3, 0C, 45, 10, C8, 0F, BF, FE, 0F, B6, DA, 3C, C5, 2B, F6, 38, F4, 0F, BE, D7, F3, 0F, B7, D5, 0F, BF, CE, 81, C6, 3E, ED, F4, FF, 0F, B6, C9, 81, C6, C3, 12, 0B, 00, 0F, BF, F9, 8B, C8, C6, C4, 1C, F2, 89, F0, 8A, C8, 0F, B6, CE, F3, 8B, C0, 81, FE, 2D, 00, 00, 00, 0F, 8C, C6, FF, FF, FF, 0F, BF, C8, 89, D2, FE, C6, 0F, BE, FA, E8, 17, 00, 00, 00, 8D, 15, 69, 8D, 1B, 7C, 80, E8, 11, B1, FA, 0F, B7, D5, 85, D0, FE, CD, 0F, B7, DD, 3B, F7, 5F, 80, E1, C5, EB, 04, FF, CB, 86, DA, FE, CB, BE, 2D... 
[+]

Entropy:

6.8157

Code size:

32 KB (32,768 bytes)

Remove dinerdash.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.