dnscache.exe

The executable dnscache.exe has been detected as malware by 30 anti-virus scanners. It is set to start automatically when a user logs into Windows, via the current user's Run registry key, under the display name ‘Network List Service’.

MD5:
84c5aba6054185a0e34a62d57d9a76e5

SHA-1:
c91cd8230ba48d7bf0f297294d8ec9a5cd493813

SHA-256:
bfd470c5b90db42483180f64c71c5c4708e2fede959e97795ef3bd21dbbccf7a

Scanner detections:
30 / 68

Status:
Malware

Analysis date:
4/25/2024 1:49:15 PM UTC

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.Agent.BDYL
707

AhnLab V3 Security
Trojan/Win32.Generic
2014.07.08

Avira AntiVirus
TR/ATRAPS.Gen
7.11.173.200

avast!
MSIL:Agent-CAB [Trj]
2014.9-150227

AVG
MSIL4
2016.0.3185

Baidu Antivirus
Trojan.MSIL.Agent
4.0.3.15227

Bitdefender
Trojan.Agent.BDYL
1.0.20.290

Comodo Security
UnclassifiedMalware
19585

Dr.Web
BackDoor.Siggen.57779
9.0.1.0190

Emsisoft Anti-Malware
Trojan.Agent.BDYL
8.15.02.27.09

ESET NOD32
MSIL/Agent.PKE (variant)
9.10447

F-Secure
Trojan.Agent.BDYL
11.2015-27-02_6

G Data
Trojan.Agent.BDYL
15.2.24

IKARUS anti.virus
Trojan-Spy.Zbot
t3scan.1.7.8.0

K7 AntiVirus
Trojan
13.183.13432

Kaspersky
Trojan-Dropper.MSIL.Inject
14.0.0.2421

Malwarebytes
Backdoor.Bot
v2015.02.27.09

McAfee
Artemis!84C5ABA60541
5600.6841

MicroWorld eScan
Trojan.Agent.BDYL
16.0.0.174

Norman
Suspicious_Gen4.GUJKH
11.20150227

nProtect
Trojan.Agent.BDYL
14.09.22.01

Panda Antivirus
Trj/Chgt.D
15.02.27.09

Qihoo 360 Security
Win32/Trojan.649
1.0.0.1015

Quick Heal
TrojanDropper.Inject.r3
2.15.14.00

Rising Antivirus
PE:Trojan.Win32.Generic.17082AC3!386411203
23.00.65.15225

Sophos
Mal/Generic-S
4.98

Trend Micro House Call
TROJ_GEN.R0C1C0GHO14
7.2.58

Trend Micro
TROJ_GEN.R0C1C0GHO14
10.465.27

VIPRE Antivirus
Trojan.Win32.Generic
33330

Zillya! Antivirus
Dropper.Inject.Win32.8
2.0.0.1929

File size:
11 KB (11,264 bytes)

File type:
Executable application (Win32 EXE)

Language:
Polish (Poland)

Common path:
C:\users\{user}\appdata\roaming\microsoft\windows\dnscache.exe

File PE Metadata
Compilation timestamp:
7/4/2014 2:14:24 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
192:uXoOSnOZxNQCnzaXHe73juungErbv7qZEWcp8cr6I:uXoOCOPNLT/jgE3zElpcr6

Entry address:
0x4377

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
5.4145

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
9 KB (9,216 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Network List Service

Command:
C:\users\{user}\appdata\roaming\microsoft\windows\dnscache.exe
