GridinSoft Threat Intelligence
DpEditor.exe threat report
GridinSoft Anti-Malware detection
Detected by GridinSoft before you download
The current ThreatInfo record shows this exact file hash detected as Trojan.Heur!. Download GridinSoft Anti-Malware to scan the device, confirm whether this file is present, and remove the detected object if it is found.
- Detection name: Trojan.Heur!
- Recommended action: Scan and remove
- Last analysis: 2021-11-12 21:36:30 (4 years ago)
- File hash: 080aaa91e4bce140bebec59095ebde87
Why it matters
Why GridinSoft flags this file
GridinSoft identifies the sample as Trojan.Heur!.
First seen 2021-11-12 21:36:25 (4 years ago); latest analysis 2021-11-12 21:36:30 (4 years ago).
Company metadata: Promt Asus Corp.
Signed by Telegram FZ-LLC. The signature is not reported as trusted and valid, which can indicate tampering, repackaging, or copied publisher data.
ThreatInfo has seen this file in user or system paths listed below. Unexpected locations increase the need for local verification.
Recommended action
What to do next
- Compare the MD5 above with the file found on the device.
- Check whether the file appears in the observed locations or under one of the alternate names.
- Run GridinSoft Anti-Malware to confirm the detection and remove the file if it is present.
File context
DpEditor.exe is a Windows file recorded in the ThreatInfo database. The reported company name is Promt Asus Corp. The current detection status is Trojan.Heur!, based on the latest analysis from 2021-11-12 21:36:30 (4 years ago).
If DpEditor.exe appears on your computer unexpectedly, treat it as suspicious. Check its location, digital signature, and recent system changes before allowing it to run. A full anti-malware scan is recommended when this file is detected as Trojan.Heur!.
File Details
| Company Name: | Promt Asus Corp. |
| MD5: | 080aaa91e4bce140bebec59095ebde87 |
| Size: | 2 MB |
| First Published: | 2021-11-12 21:36:25 (4 years ago) |
| Latest Published: | 2021-11-12 21:36:30 (4 years ago) |
| Status: | Trojan.Heur! (on last analysis) |
| Analysis Date: | 2021-11-12 21:36:30 (4 years ago) |
Detection screenshot
The screenshot is a visual record of a GridinSoft Anti-Malware detection for this sample. Use the hash and metadata above as the primary identifiers when comparing the file on your system.
Overview
| Signed By: | Telegram FZ-LLC |
| Status: | Invalid (digital signature could be stolen or file could be patched) |
The signature on DpEditor.exe is not reported as trusted and valid. Invalid or suspicious signature data can indicate tampering, repackaging, or an unrelated file using copied publisher information.
Common Places:
| %appdata%\nch software |
| %temp% |
ThreatInfo has observed DpEditor.exe in the locations listed above. Files found in temporary folders, user profile folders, startup locations, or unusual application directories should be reviewed more carefully than files installed under a known program directory.
Geographic signal
Observed country distribution
ThreatInfo has seen DpEditor.exe in 1 country. Use this signal to compare local evidence with where the sample is most often reported.
The strongest geographic signal for this file is Mexico with 100.0% of observed hits. Geographic distribution can help identify targeted campaigns, regional software bundles, or where a file is most commonly reported.
OS Version:
The most common operating system signal for DpEditor.exe is Windows 10 with 100.0% of observed hits. If your system differs from the common profile, check whether the file was introduced by a specific installer, archive, or removable device.
Analysis
DpEditor.exe is identified as a PE file for 32-bit systems. The subsystem is Windows GUI. PE header values are useful for triage, especially when they do not match the expected publisher, product, or release timeline.
PE Sections:
Section layout highlights raw-size concentration, repeated names, packer markers, and hashes that can be compared across related samples.
PE section names and hashes can reveal packing, injected resources, or unusual build artifacts. Sections with uncommon names, very large raw data, or hashes that differ from a trusted copy deserve additional review.
Report conclusion
GridinSoft detects this file as Trojan.Heur!
This report identifies DpEditor.exe by MD5 080aaa91e4bce140bebec59095ebde87. If the same file is present on your device, scan the system and remove the detected object after confirming the hash and location.