dtlite4471-0333-aoc-jd.exe

Daemon tools

Sevas-S LLC

The application dtlite4471-0333-aoc-jd.exe by Sevas-S has been detected as adware by 18 anti-malware scanners. This is a setup program which is used to install the application. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from dc607.4shared.com and multiple other hosts.
Publisher:
Sevas-S LLC  (signed and verified)

Product:
Daemon tools

Version:
1.0.0.0

MD5:
d8e6d44b358ad106bf11c7157362b2c2

SHA-1:
a0416dcb4e627281ef7f115151c52da333ea4064

SHA-256:
6ae8d7e2335d479da3f5b0b681c8d6dbc6909c22284698bddfc238cf1fb093e2

Scanner detections:
18 / 68

Status:
Adware

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
4/18/2024 8:34:45 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Riskware.OpenCandy | 7.1.1 |
| AVG | Downloader | 2015.0.3508 |
| Bkav FE | W32.Clod301.Trojan | 1.3.0.4613 |
| Comodo Security | Application.Win32.OpenCandy.~WD | 17573 |
| Dr.Web | Adware.Downware.1446 | 9.0.1.0360 |
| ESET NOD32 | Win32/JoyDownloader | 7.9123 |
| Fortinet FortiGate | W32/JoyDownloader.A | 4/10/2014 |
| herdProtect (fuzzy) | | 2014.1.5.16 |
| Kaspersky | not-a-virus:AdWare.Win32.OpenCandy | 14.0.0.4037 |
| Malwarebytes | PUP.Optional.OpenCandy | v2013.12.26.10 |
| McAfee | Artemis!DEF32AE932B4 | 5600.7259 |
| nProtect | Adware/W32.Agent.486728 | 13.12.23.01 |
| Reason Heuristics | PUP.SevasS.W | 14.8.7.20 |
| Rising Antivirus | PE:PUF.OpenCandy!1.9DE5 | 23.00.65.131224 |
| Sophos | Generic PUA KA | 4.98 |
| Trend Micro House Call | TROJ_GEN.F47V1024 | 7.2.360 |
| Trend Micro | ADW_OPENCANDY | 10.465.10 |
| VIPRE Antivirus | Sevas-S Installer | 28115 |

File size:
475.4 KB (486,768 bytes)

Copyright:
Copyright (C) Radiocom

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\dtlite4471-0333-aoc-jd.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
1/23/2013 1:00:00 AM

Valid to:
2/23/2014 12:59:59 AM

Subject:
CN=Sevas-S LLC, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Sevas-S LLC, L=Kyiv, S=Kyivska oblast, C=UA

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
527471E53862E2F90AB45ED4ACB8F4C2

File PE Metadata
Compilation timestamp:
5/20/2013 1:52:54 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:baCazy7tvFhjs17FEUDTTup+Ts9PJYz5jtNcB+/TRfYT:Fk+Fhm7FjDHuzJYz5jtXTBYT

Entry address:
0x31B1

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 92, 40, 00, 89, 6C, 24, 14, FF, 15, 34, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, 34, 71, 40, 00, 55, FF, 15, AC, 72, 40, 00, 6A, 08, A3, 58, 92, 42, 00, E8, 90, 2E, 00, 00, A3, A4, 91, 42, 00, 55, 8D, 44, 24, 34, 68, B4, 02, 00, 00, 50, 55, 68, 58, 06, 42, 00, FF, 15, 7C, 71, 40, 00, 68, C0, 92, 40, 00, 68, A0, 81, 42, 00, E8, FB, 2A, 00, 00, FF, 15, 38, 71, 40, 00, BB, 00, 40, 43, 00, 50, 53, E8, E9, 2A, 00, 00...
 

Code size:
23.5 KB (24,064 bytes)

The file dtlite4471-0333-aoc-jd.exe has been seen being distributed by the following 4 URLs.

http://dc607.4shared.com/download/.../dtlite4471-0333-aoc-jd.exe

https://www.hightail.com/download/.../directDownload&fl=SWhZekZwYUlmVFlYRHROU3dXL3VnVE9yZWt5UmdteDRsUjJuWENHRzVZbz0
