Prevx Research Division
DAP-OLD.EXE
Cloaked MalwareFree PC Cleanup from Webroot
Use Webroot SecureAnywhere to remove DAP-OLD.EXE.
"Just when you thought it couldn't get any better or faster. The Webroot scanning engine is 'high octane' with a hidden nitrous oxide system. Bravo!!!" W. Lodzinski, SecureAnywhere User
Associated Malware Groups
The unsafe files using this name are associated with the malware groups:
- Cloaked Malware
- Malicious Software
File Behavior
DAP-OLD.EXE has been seen to perform the following behavior:
- The Process is packed and/or encrypted using a software packing process
- The Process is polymorphic and can change its structure
- Communicates with other computers using FTP connections
- This Process can access Web Mail Servers
- Adds a Registry Key (RUN) to auto start Programs on system start up
- Adds new menu items in the Internet Explorer Right Click menu
- Creation and Registers a Browser Helper Object in Internet Explorer
- Adds a Registry Key (RUNONCE) to auto start Programs on system start up
- Changes to the file command map within the registry
- Can communicate with other computer systems using HTTP protocols
- This process creates other processes on disk
- This Process Deletes Other Processes From Disk
- Executes a Process
- Registers a Dynamic Link Library File
- Creates a TCP port which listens and is available for communication initiated by other computers
- Enables an In Process Object/Server - Common with DLL Injections
- Found on infected systems and resists interrogation by security products
- Adds products to the system registry
- Makes outbound connections to other computers using NETBIOSOUT protocols
- Writes to another Process's Virtual Memory (Process Hijacking)
- Creates new file extentions so that Internet Explorer will automatically open and potentially execute additional file types
- Modifies the User Shell objects used to run code from other processes
- Executes Processes stored in Temporary Folders
DAP-OLD.EXE has been the subject of the following behavior:
- Executed as a Process
- Executed by Internet Explorer
- Deleted as a process from disk
- Created as a process on disk
- Has code inserted into its Virtual Memory space by other programs
- Changes to the file command map within the registry
- Added as a Registry auto start to load Program on Boot up
- Terminated as a Process
- Registered as a Dynamic Link Library File
Country Of Origin
The filename DAP-OLD.EXE was first seen on May 8 2007 in the following geographical regions of the Webroot community:
- The United States on May 8 2007
- Iran, Islamic Republic of on May 8 2007
- Spain on May 17 2007
- Netherlands on May 22 2007
- Brazil on May 22 2007
- France on May 27 2007
- Canada on Oct 14 2007
- Italy on Dec 4 2007
- Turkey on May 23 2012
File Name Aliases
DAP-OLD.EXE can also use the following file names:
- DAP531.EXE
- DOWNLOADACCELERATOR_53.EXE
- DOWNLOAD ACCELERATOR 53.EXE
- DAP-5.3.EXE
- DAP53(ACELERADOR DE DESCARGA).EXE
- DAP 5.3.EXE
- DOWNLOAD ACELERATOR 5.3.EXE
- DAP5.EXE
- DOWNLOAD ACCELERATOR PLUS 5.3~.EXE
- DOWNLOADACCLERATOR5 3.EXE
- DOWNLOADACCELARATOR53.EXE
- DAP.EXE.BAK
- DAP (n).EXE
- DOWNLOAD ACCELERATOR PLUS 5.3.EXE
- DAP53.EXE
- DAP.EXE
- DF26.EXE
- 08636455.DAT
- 10810146.EXE
Filesizes
The following file size has been seen:
- 693,248 bytes
- 1,743,316 bytes
- 2,911,744 bytes
- 3,717,336 bytes
- 2,245,424 bytes
- 1,750,351 bytes
- 733,184 bytes
File Type
The filename DAP-OLD.EXE refers to many versions of an executable program.
Help the Webroot Community to fight cyber crime
We are always looking for ways to improve the quality and speed of research to help us protect you from malicious software and cyber crime.
PCMag.com Editors' Choice Award Logo is a trademark of Ziff Davis Publishing Holdings Inc. Used under license.