dtlite4451-0236.exe

DAEMON Tools Lite

DT Soft Ltd

The application dtlite4451-0236.exe, “DAEMON Tools Lite Setup” by DT Soft, has been detected as a potentially unwanted program by 3 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This file is typically installed with the program Dolphin by Dolphin Development Team. The installer uses the OpenCandy monetization platform, which will download and install offers in the setup for potentially unwanted software, including ad/search-supported toolbars.
Publisher:
DT Soft Ltd.  (signed by DT Soft Ltd)

Product:
DAEMON Tools Lite

Description:
DAEMON Tools Lite Setup

Version:
4.45.1.0236.0

MD5:
418cd1da7084a8441dab07b86afdc460

SHA-1:
195f9bb7d46147e9bfd671500af25e79875ee935

SHA-256:
5f6e43609a99024ba49d8da0239b7cb6859ce34d5e46dfbe23298993c2ed5485

Scanner detections:
3 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
4/25/2024 11:35:47 AM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
8.9248

Malwarebytes
PUP.Optional.OpenCandy
v2013.12.19.05

Rising Antivirus
PE:Malware.Packed!1.9C4E
23.00.65.131217

File size:
14 MB (14,717,808 bytes)

Product version:
4.45.1.0236.0

Copyright:
Copyright (C) 2004-2009

Original file name:
DAEMONSetup4.45.1.0236.exe

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
11/4/2009 1:00:00 AM

Valid to:
11/4/2012 12:59:59 AM

Subject:
CN=DT Soft Ltd, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=DT Soft Ltd, L=Belize City, S=Belize, C=BZ

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
109F1DAAAFB83315A6B64A6EED82D816

File PE Metadata
Compilation timestamp:
4/10/2010 2:19:31 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
393216:vW0iqlRDp3dlCGiviVy52NEObu2cBwlFKPUJ7/:vWxqH1tHQ5hIu2xl0PA

Entry address:
0x354B

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 84, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 80, 40, 00, 55, FF, 15, B0, 82, 40, 00, 6A, 08, A3, 98, 06, 47, 00, E8, 67, 27, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, 05, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 1C, 86, 40, 00, FF, 15, 80, 81, 40, 00, 68, 04, 86, 40, 00, 68, A0, 85, 46, 00, E8, 35, 26, 00, 00, FF, 15, B4, 80, 40, 00, 50, BF, A0, 10, 4C, 00, 57, E8, 23, 26, 00, 00...
 
Packer / compiler:
Nullsoft install system v2.x

Code size:
25 KB (25,600 bytes)

The file dtlite4451-0236.exe has been discovered within the following program.

Dolphin  by Dolphin Development Team
Publisher's description - “Dolphin is an emulator for two recent Nintendo video game consoles: the GameCube and the Wii.”
dolphin-emu.org
About 3% of users remove it
 
The file dtlite4451-0236.exe has been seen being distributed by the following 50 URLs.

Latest 30 of 1,441 download URLs

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to mail.duplexsecure.com  (212.117.175.144:80)

TCP (HTTP):
Connects to mydtzone.com  (62.109.7.79:80)

TCP (HTTP):
Connects to ip-static-94-242-254-9.server.lu  (94.242.254.9:80)

TCP (HTTP):
Connects to cix030.tsimtung.com  (202.181.196.30:80)
