DProtect.exe

TODO:

Skytouch Technology Co., Limited

The application DProtect.exe, “TODO: <File description>” by Skytouch Technology Co., Limited has been detected as adware by 28 anti-malware scanners. This is an adware bundler (AKA ElexNetDownload) that includes additional unwanted offers in the download and install process. During install it establishes a connection to twonext.com and xingcloud.com to determine which offers to show the user (based on what is already installed and where they live). It is also typically executed from the user's temporary directory.
Publisher:
TODO: <Company name>  (signed by Skytouch Technology Co., Limited)

Product:
TODO: <Product name>

Description:
TODO: <File description>

Version:
1.0.0.1

MD5:
e2ea8186864eae00388afff6c228f378

SHA-1:
0717ff6aeb887f59ede586c50ab792a326e0a426

SHA-256:
71b4272c28f264a925cd2673e7839e8c4d5e2821e4cb3b528c2d86580bc0eff4

Scanner detections:
28 / 68

Status:
Adware

Explanation:
Software bundler and update mechanism that will attempt to install adware offers.

Analysis date:
4/24/2024 6:31:46 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Dropped:Application.ExqPage.H | 775 |
| Avira AntiVirus | SPR/Tool.ExqPage.H | 7.11.109.218 |
| AVG | MalSign.Generic | 2015.0.3253 |
| Baidu Antivirus | Adware.Win32.ElexInstall | 4.0.3.141221 |
| Bitdefender | Application.ExqPage.H | 1.0.20.1810 |
| Bkav FE | W32.Clodfc7.Trojan | 1.3.0.4959 |
| Comodo Security | UnclassifiedMalware | 17171 |
| Dr.Web | Adware.Mutabaha.24 | 9.0.1.0355 |
| Fortinet FortiGate | W32/Staser.FV!tr | 12/21/2014 |
| F-Secure | Dropped:Application.ExqPage.H | 11.2014-21-12_1 |
| G Data | Application.ExqPage | 13.12.22 |
| IKARUS anti.virus | Application.ExqPage | t3scan.2.0.127 |
| K7 AntiVirus | Trojan | 13.177.12026 |
| Kaspersky | UDS:DangerousObject.Multi.Generic | 14.0.0.4551 |
| McAfee | Artemis!E2EA8186864E | 5600.7267 |
| MicroWorld eScan | Application.ExqPage.H | 14.0.0.1086 |
| NANO AntiVirus | Trojan.Win32.Staser.cghkug | 0.26.0.55532 |
| Norman | Suspicious_Gen5.AFMVT | 11.20131228 |
| Panda Antivirus | Suspicious file | 13.12.28.06 |
| Qihoo 360 Security | Win32/Trojan.074 | 1.0.0.1015 |
| Quick Heal | Trojan.Staser.r5 | 12.14.14.00 |
| Reason Heuristics | PUP.SkytouchTechnologyCoLimited.I | 14.3.20.14 |
| Sophos | Mal/Generic-S | 4.98 |
| Trend Micro House Call | TROJ_GEN.R0CBH07JN13 | 7.2.362 |
| Trend Micro | TROJ_SPNV.01JG13 | 10.465.21 |
| Vba32 AntiVirus | Trojan.Staser | 3.12.24.3 |
| VIPRE Antivirus | Elex Installer | 29012 |
| Zillya! Antivirus | Trojan.Staser.Win32.98 | 2.0.0.1783 |

File size:
1.2 MB (1,288,312 bytes)

Product version:
1.0.0.1

Copyright:
Copyright (C) 2013

Original file name:
eBPPack.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\e9a4c805862545789aaaf31dc3b988ee\dprotect.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
7/8/2013 11:29:59 AM

Valid to:
7/9/2014 11:29:59 AM

Subject:
CN="Skytouch Technology Co., Limited", O="Skytouch Technology Co., Limited", L=HongKong, S=HongKong, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11216078022FA91C0EB61326E0E8FDBE9C30

File PE Metadata
Compilation timestamp:
9/11/2013 5:08:31 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:9SwlxqE1/qZNB//4gGeqav+i0OjNjv4+MZOW28viCND0PO556Gvqs097G:9Sw0B//3Gel0qD6z3xdN4G

Entry address:
0x870A

Entry point:
E8, 60, 3D, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 56, 8B, F1, C6, 46, 0C, 00, 85, C0, 75, 63, E8, 65, 38, 00, 00, 89, 46, 08, 8B, 48, 6C, 89, 0E, 8B, 48, 68, 89, 4E, 04, 8B, 0E, 3B, 0D, 88, BD, 41, 00, 74, 12, 8B, 0D, 40, BB, 41, 00, 85, 48, 70, 75, 07, E8, B2, 48, 00, 00, 89, 06, 8B, 46, 04, 3B, 05, 48, BA, 41, 00, 74, 16, 8B, 46, 08, 8B, 0D, 40, BB, 41, 00, 85, 48, 70, 75, 08, E8, 11, 41, 00, 00, 89, 46, 04, 8B, 46, 08, F6, 40, 70, 02, 75, 14, 83, 48, 70, 02, C6, 46, 0C, 01, EB, 0A...
 

Code size:
62.5 KB (64,000 bytes)
