DiscSoftBusService.exe

DAEMON Tools Lite

Disc Soft Ltd

The executable DiscSoftBusService.exe, “Disc Soft Bus Service”, has been detected as malware by 2 anti-virus scanners. It runs as a Windows service named “Disc Soft Lite Bus Service”. While running, it connects to the Internet address mailrelay.203.website.ws on port 80 using the HTTP protocol.
Publisher:
Disc Soft Ltd

Product:
DAEMON Tools Lite

Description:
Disc Soft Bus Service

Version:
10.1.0.0074

MD5:
1eb155c94638dbd0cad0b0ba660256d9

SHA-1:
d0c09268da96714e947736eba6b31856daf5448c

SHA-256:
952be2e5078e2824d5c81d4115f29512d838cdca99b205c8e74b85a488ea1ce9

Scanner detections:
2 / 68

Status:
Malware

Analysis date:
4/19/2024 11:52:54 PM UTC

Scan engine | Detection | Engine version
Dr.Web | Win64.Expiro.108 | 9.0.1.05190
ESET NOD32 | Win64/Expiro.AC virus | 6.3.12010.0

File size:
1.8 MB (1,857,536 bytes)

Product version:
10.1.0.0074

Copyright:
© 2000-2015 Disc Soft Ltd.

Original file name:
DiscSoftBusService.exe

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\Program Files\daemon tools lite\discsoftbusservice.exe

File PE Metadata
Compilation timestamp:
6/18/2015 7:57:04 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
9.0

Entry address:
0xA5474

Entry point:
90, 55, 48, 89, E5, 56, 48, FF, CE, 57, 41, 54, 41, 55, 41, 56, 41, 57, 48, 81, EC, D0, 00, 00, 00, 48, C7, 85, 70, FF, FF, FF, 00, 00, 00, 00, 48, C7, 45, A8, 0E, 00, 00, 00, 4C, 8B, 55, A8, 49, 83, EA, 0E, 4C, 89, 55, A0, 48, C7, 45, 98, 09, 00, 00, 00, 45, 31, F6, 4C, 8B, 55, A0, 4D, 89, D5, 49, 83, ED, 00, 49, BA, 34, 2D, 00, 00, 00, 00, 00, 00, 4C, 89, 95, 40, FF, FF, FF, BE, 11, DA, 48, AB, 4C, 8B, 95, 40, FF, FF, FF, 49, B9, E4, 6A, 01, 00, 00, 00, 00, 00, 4D, 89, D6, 4D, 0F, AF, F1, 41, BD, CA, 55...
 

Entropy:
6.9591

Code size:
797.5 KB (816,640 bytes)

Service
Display name:
Disc Soft Lite Bus Service

Type:
Win32OwnProcess, InteractiveProcess

Depends on:
RPCSS


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to mailrelay.203.website.ws  (64.70.19.203:80)
