home

DTLite.exe

DAEMON TOOLS LITE

EbizNetWorks

The application DTLite.exe by EbizNetWorks has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address disc-soft.com on port 443.
Publisher:
(주)이비즈네트웍스  (signed by EbizNetWorks)

Product:
DAEMON TOOLS LITE

Version:
5.661.0.3

MD5:
3b876adecec592d2c505f56b9820046f

SHA-1:
9d602bffe9faf667276ed6b77d0357c68616bfa9

SHA-256:
b650f66f5a694f8156b414569ac350d2924500a9fcd9949f87e5e8a8096a377d

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
4/25/2024 1:55:03 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.EbizNetW (M)
16.6.17.7

File size:
4.7 MB (4,896,160 bytes)

Product version:
5.661.0.3

Copyright:
(c) <EbizNetWorks>. All rights reserved.

Original file name:
DTLite.exe

File type:
Executable application (Win64 EXE)

Common path:
C:\Program Files\daemon tools lite\dtlite.exe

Digital Signature
Signed by:
EbizNetWorks

Authority:
Symantec Corporation

Valid from:
4/28/2016 9:00:00 AM

Valid to:
1/23/2018 8:59:59 AM

Subject:
CN=EbizNetWorks, O=EbizNetWorks, L=Gangnam-gu, S=Seoul, C=KR

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
6EAD56FB10FC05615CA954D77165999F

File PE Metadata
Compilation timestamp:
6/16/2016 11:41:53 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
98304:zZYrwueiJ3NwD47ak62BnqvYd4bdd38dOcAijbffdiwGBpz2Bg:Fz8E4c2Bnqb2Bg

Entry address:
0x18020C

Entry point:
48, 83, EC, 28, E8, 73, A3, 00, 00, 48, 83, C4, 28, E9, 1A, FE, FF, FF, CC, CC, 48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 48, 8B, DA, 48, 8B, F9, 48, 85, C9, 75, 0A, 48, 8B, CA, E8, BE, E4, FF, FF, EB, 6A, 48, 85, D2, 75, 07, E8, 6A, E5, FF, FF, EB, 5C, 48, 83, FA, E0, 77, 43, 48, 8B, 0D, CB, 5F, 0D, 00, B8, 01, 00, 00, 00, 48, 85, DB, 48, 0F, 44, D8, 4C, 8B, C7, 33, D2, 4C, 8B, CB, FF, 15, A1, 52, 03, 00, 48, 8B, F0, 48, 85, C0, 75, 6F, 39, 05, B3, 5F, 0D, 00, 74, 50, 48, 8B, CB, E8, 09...
 
[+]

Entropy:
6.1144

Code size:
1.7 MB (1,785,344 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to nrt20s01-in-f138.1e100.net  (172.217.24.138:80)

TCP (HTTP SSL):
Connects to disc-soft.com  (217.147.90.28:443)

Remove DTLite.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.