dprotect.exe

TODO:

Skytouch Technology Co., Limited

The application dprotect.exe, “TODO: <File description>” by Skytouch Technology Co., Limited has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is also typically executed from the user's temporary directory.
Publisher:
TODO: <Company name>  (signed by Skytouch Technology Co., Limited)

Product:
TODO: <Product name>

Description:
TODO: <File description>

Version:
2.1.1.1347

MD5:
40ad368027f64b7db9232fb4d166e430

SHA-1:
616e243f0d24cbe16aace40d165be62152634891

SHA-256:
98da0333c1259a8f7efcca7c1086396c733847e2ee7149c98a2c9b0815dc5b7f

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
4/26/2024 5:50:50 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.ELEX.SkytouchTechnologyCo (M)

Engine version:
16.2.22.19

File size:
1 MB (1,072,248 bytes)

Product version:
2.1.1.1347

Copyright:
Copyright (C) 2013

Original file name:
eBPPack.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\f51ee34667f241c29669174846ac4cfa\dprotect.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
7/8/2013 10:29:59 AM

Valid to:
7/9/2014 10:29:59 AM

Subject:
CN="Skytouch Technology Co., Limited", O="Skytouch Technology Co., Limited", L=HongKong, S=HongKong, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11216078022FA91C0EB61326E0E8FDBE9C30

File PE Metadata
Compilation timestamp:
9/24/2013 9:37:27 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:O0jgt6DQbLUSb9mmSpRwStrLfnU4/66o51fp6gr6ocXbSIhSV:O1LUSbTKXvU4/6lPStAV

Entry address:
0x207BE6

Entry point:
0F, 86, E8, D0, F0, FF, 68, E5, C2, 1E, 6F, C7, 04, 24, 5B, 06, 51, 00, 60, E8, 16, 8E, F0, FF, C6, 04, 24, D7, E9, 5B, CF, FE, FF, D2, 13, A1, 1B, 5F, 35, 33, 7D, A4, D0, 26, E0, FF, 2E, 37, 71, 14, 1E, 48, 6F, 0A, B5, 81, 94, 99, 81, 82, 92, 1D, 86, F4, BB, 37, 6C, 20, 90, 22, CE, EA, 3A, 9D, 6D, BA, B9, BA, 4C, F8, 55, 3C, EC, F0, 06, D4, 61, 03, 8B, 69, DA, 55, 15, 6D, CC, 9E, 7B, CB, 50, 1F, E7, 3B, 2D, 80, AB, 3D, 1D, 1A, A8, 18, C5, F4, FA, BA, DE, E3, F3, 93, F7, 4F, 9E, 6B, CA, A0, 4C, C8, D2, 9F...
 

Code size:
62.5 KB (64,000 bytes)
