AnyDVD.exe

AnyDVD

SlySoft, Inc.

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘AnyDVD’.
Publisher:
SlySoft, Inc.

Product:
AnyDVD

Description:
AnyDVD Application

Version:
6.1.3.2

MD5:
8971828ce91f442c363fb3291a641a74

SHA-1:
2de6a1c035dd77c44eadba7098e197cda29316db

SHA-256:
93eaf11e4b633c1b5ecc35eddad728743160fb8f518c017e243573255d76d703

Scanner detections:
6 / 68

Status:
Inconclusive (not enough data for an accurate detection)

Analysis date:
5/15/2024 1:14:47 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Bkav FE | HW32.Packed | 1.3.0.4959 |
| F-Prot | W32/Heuristic-210 | v6.4.7.1.166 |
| Quick Heal | (Suspicious) - DNAScan | 12.15.14.00 |
| Rising Antivirus | PE:Malware.XPACK-HIE/Heur!1.9C48 | 23.00.65.151226 |
| VIPRE Antivirus | Trojan.Win32.Generic | 34690 |
| Zillya! Antivirus | Worm.Zhelatin.Win32.1 | 2.0.0.1980 |

File size:
347.8 KB (356,197 bytes)

Product version:
6.1.3.2

Copyright:
Copyright 2002 - 2007 SlySoft, Inc.

Trademarks:
AnyDVD and SlySoft are trademarks of SlySoft, Inc.

Original file name:
AnyDVD.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\slysoft\anydvd\anydvd.exe

File PE Metadata
Compilation timestamp:
3/15/2007 11:57:37 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
6144:Pp4vcvUXgPoZhzAlhyxq0bgEW91QMsyAONOxIJ6swjs8DRIm37JMVhQ5FCifF/:N/QkGxxNEKlWJhwjs8DRIiaVu5kifF/

Entry address:
0xB6288

Entry point:
E8, 03, 00, 00, 00, EB, 01, C2, BB, 55, 00, 00, 00, E8, 03, 00, 00, 00, EB, 01, E8, E8, 8F, 00, 00, 00, E8, 03, 00, 00, 00, EB, 01, E9, E8, 82, 00, 00, 00, E8, 03, 00, 00, 00, EB, 01, E9, E8, B8, 00, 00, 00, E8, 03, 00, 00, 00, EB, 01, C2, E8, AB, 00, 00, 00, E8, 03, 00, 00, 00, EB, 01, E9, 83, FB, 55, E8, 03, 00, 00, 00, EB, 01, E9, 75, 2E, E8, 03, 00, 00, 00, EB, 01, E9, C3, 60, E8, 00, 00, 00, 00, 5D, 81, ED, 33, 3F, 42, 00, 8B, D5, 81, C2, 82, 3F, 42, 00, 52, E8, 01, 00, 00, 00, C3, C3, E8, 03, 00, 00...
Entropy:
7.9013

Packer / compiler:
yoda's Protector v1.03.2

Code size:
489 KB (500,736 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
AnyDVD

Command:
"C:\Program Files\slysoft\anydvd\anydvd.exe"


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to nl.redfox.bz (93.190.142.127:80)