The DTLite4491-0356.exe (DAEMON Tools Lite Setup) File Analysis

Technical Analysis

File Name DTLite4491-0356.exe
File Type Win32 EXE
Magic Bytes PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
SSDEEP Hash 393216:QLs07IN85R03BKr56mlQ0kWrGoH0dYuP63JpHNl/KJ:QJoG6i7kWrGoHfnk
Scanner Version 1.0.168.174
Database Version 2024-03-05 10:00:29 UTC

Suspicious File Detected

Detected by 28 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.
Detection Rate 42%
File Size (bytes) 13,429,504
Engines Detected 28/67
Analysis Date 2024-03-05

File Identification

Hash Type Value
MD5 0fa6cd1de96bde0431c1c91904f6d040
SHA1 e750c443a83f9b135b499e7917c5a93120384bb3
SHA256 17761e85fbd73ba7f17f6862c530e982b8e5778fb509be6bcf749078c55f1bb0
SHA512 ea999c363f8b76b8859362115b73cda7c995ba7cfcb434d9ed9114d0bb5660cb24e8d19afcc2606fa3a7faf7ca154c37453cde336c47f4c7c52544aea95bc6fb
ImpHash b729b61eb1515fcf7b3e511e4e66258b

Security Engines with Detections (28 of 67)

Engine Detection Verdict
Bkav W32.Common.817A891D Malicious
Elastic malicious (high confidence) Malicious
McAfee Artemis!0FA6CD1DE96B Malicious
Cylance unsafe Malicious
Zillya Adware.OpenCandy.Win32.3999 Malicious
K7AntiVirus Adware ( 004b8f4e1 ) Malicious
K7GW Adware ( 004b8f4e1 ) Malicious
CrowdStrike win/grayware_confidence_100% (W) Malicious
Symantec PUA.OpenCandy Malicious
ESET-NOD32 Win32/DownWare.L potentially unwanted Malicious
NANO-Antivirus Riskware.Win32.OpenCandy.eyxado Malicious
Rising Adware.OpenCandy!1.CC17 (CLASSIC) Malicious
Emsisoft Application.AdInstall (A) Malicious
F-Secure PotentialRisk.PUA/OpenCandy.Gen Malicious
DrWeb Adware.OpenCandy.238 Malicious
TrendMicro ADW_OPENCANDY Malicious
GData Win32.Adware.OpenCandy.P Malicious
Avira PUA/OpenCandy.Gen Malicious
Antiy-AVL GrayWare[AdWare]/Win32.OpenCandy.a Malicious
Xcitium ApplicUnwnt@#qdr20z9gjc6p Malicious
ViRobot Adware.Opencandy.13429504 Malicious
Microsoft PUADlManager:Win32/Somoto Malicious
Varist W32/OpenCandy.C.gen!Eldorado Malicious
Malwarebytes PUP.Optional.OpenCandy.DDS Malicious
TrendMicro-HouseCall ADW_OPENCANDY Malicious
Yandex PUA.OpenCandy!xiKSzNx3TPM Malicious
Fortinet Riskware/OpenCandy Malicious
DeepInstinct MALICIOUS Malicious

39 engines reported no threats. Only engines with detections are shown above for clarity.

PE Analysis

Basic Information

Icon
Hash: 281e7a5ec2a4b62c97fedff3789ae820
Fuzzy: c98f96d6ffe5af8d4eb0870c1dc20826
dHash: b2e1b496a6cada72
Image Base 0x00400000
Entry Point 0x0040354b
Compilation Time 2010-04-10 12:19:31
Checksum 0x00cde70d (Actual: 0x00cde70d)
OS Version 5.0
PEiD Signatures PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Digital Signature SpcIndirectDataContent.digestAlgorithm must be one of ['md5', 'sha1', 'sha256', 'sha384', 'sha512'], not 1.2.840.113549.1.1.5
Imports 8 libraries
KERNEL32, USER32, GDI32, SHELL32, ADVAPI32, COMCTL32, ole32, VERSION
Exports 0 functions
Resources 13 Resources
Sections 5 Sections

Version Information

CompanyName Disc Soft Ltd
FileDescription DAEMON Tools Lite Setup
FileVersion 4.49.1.0356.0
InternalName DAEMON Tools Lite4.49.1.0356.exe
LegalCopyright Copyright (C) 2004-2012
OriginalFilename DAEMON Tools Lite4.49.1.0356.exe
ProductName DAEMON Tools Lite
ProductVersion 4.49.1.0356.0
Translation 0x0000 0x04b0

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 25,506 bytes 25,600 bytes 6.48 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 3291075913C14A1799655A261FB21CCA
.rdata 0x00008000 6,386 bytes 6,656 bytes 4.89 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 170563E94DE7EBFD6E622A164CE38C8A
.data 0x0000a000 419,484 bytes 512 bytes 1.43 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 23D69B1E3A55DEE07701198B7650A06B
.ndata 0x00071000 4,460,544 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE D41D8CD98F00B204E9800998ECF8427E
.rsrc 0x004b2000 10,584 bytes 10,752 bytes 4.56 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ A4A57B40CA5117EC48221CD0E4633486

Resource Analysis

Total Resources: 13 (9,784 bytes)

Resource Type Count Total Size Percentage
RT_BITMAP 1 1,638 bytes 16.7%
RT_ICON 4 4,640 bytes 47.4%
RT_DIALOG 5 1,630 bytes 16.7%
RT_GROUP_ICON 1 62 bytes 0.6%
RT_VERSION 1 852 bytes 8.7%
RT_MANIFEST 1 962 bytes 9.8%

Certificate Chain Analysis

Certificate Information
Product DAEMON Tools Lite
Description DAEMON Tools Lite Setup
File Version 4.49.1.0356.0
Original Name DAEMON Tools Lite4.49.1.0356.exe
Signing Date 09:20 AM 03/04/2014 (4126 days ago)
Verification Status Signed
Signers Disc Soft Ltd; GlobalSign CodeSigning CA - G2; GlobalSign Root CA - R1
Counter Signers GlobalSign TSA for MS Authenticode - G1; GlobalSign Timestamping CA - G2; GlobalSign Root CA - R1
Internal Name DAEMON Tools Lite4.49.1.0356.exe
Copyright Copyright (C) 2004-2012
Certificate Chain Summary
Disc Soft Ltd #1 Primary
Validity Period: 2014-02-21 16:58:31 → 2015-05-30 17:52:02
Signature Algorithm: sha1RSA
Serial Number: 11 21 35 2E 0B 20 23 D1 A7 51 88 6D CB E9 7D 37 79 5E
GlobalSign CodeSigning CA - G2 #2 Chain
Validity Period: 2011-04-13 10:00:00 → 2019-04-13 10:00:00
Signature Algorithm: sha1RSA
Serial Number: 04 00 00 00 00 01 2F 4E E1 35 5C
GlobalSign TSA for MS Authenticode - G1 #3 Chain
Validity Period: 2013-08-23 00:00:00 → 2024-09-23 00:00:00
Signature Algorithm: sha1RSA
Serial Number: 11 21 40 5C 1F 0E D2 58 88 2B E5 4D 86 86 BA 11 EA 45
GlobalSign Timestamping CA - G2 #4 Chain
Validity Period: 2011-04-13 10:00:00 → 2028-01-28 12:00:00
Signature Algorithm: sha1RSA
Serial Number: 04 00 00 00 00 01 2F 4E E1 52 D7

✓ This file has been digitally signed and the certificate chain has been verified

  • The signature ensures file integrity and authenticity from the publisher
  • Timestamping proves when the signature was applied

Certificate Verification Status

SpcIndirectDataContent.digestAlgorithm must be one of ['md5', 'sha1', 'sha256', 'sha384', 'sha512'], not 1.2.840.113549.1.1.5

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Keep Your System Protected

This file appears clean, but regular security maintenance is important

  1. Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
  2. Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
  3. Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
  4. Email Security: Be cautious with email attachments and links, even from known contacts.

Proactive Protection

28 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.