bgdomckededombuilders.xhtm5

Ding Ruan

The file bgdomckededombuilders.xhtm5 by Ding Ruan has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a Windows service named “Bgdomckededom Builder”.
Publisher:
Ding Ruan (signed and verified)

MD5:
fcc1b9b5f5b7ee9af6cd38d1f63dd471

SHA-1:
dc0f2c7301ac00c1cdfe184e62388d5f521a3619

SHA-256:
2f2902fac8410e743ab04afd7fb7d40f46723f76778c6fe3012a1e33c5992e77

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
5/17/2025 9:38:13 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.ELEX.DingRuan (M)

Engine version:
16.6.14.11

File size:
686.2 KB (702,688 bytes)

Common path:
C:\Program Files\bgdomckededom\bgdomckededombuilders.xhtm5

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
6/10/2016 7:00:00 AM

Valid to:
4/14/2017 6:59:59 AM

Subject:
CN=Ding Ruan, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
3C1EB2CCB3977195241117686AFEF531

File PE Metadata
Compilation timestamp:
6/13/2016 3:04:44 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:qQK5tgnYnnd5zY9ET6FenkFp8dhlrasP9NoyH2hip2YTs6IaVHVddNS:ytgninwDFenypGP+sPJJ2YTxzS

Entry address:
0x41D72

Entry point:
E8, 44, 42, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, FF, 15, B8, 90, 47, 00, 6A, 01, A3, 14, 40, 4A, 00, E8, 91, 47, 00, 00, FF, 75, 08, E8, 26, 47, 00, 00, 83, 3D, 14, 40, 4A, 00, 00, 59, 59, 75, 08, 6A, 01, E8, 77, 47, 00, 00, 59, 68, 09, 04, 00, C0, E8, F4, 46, 00, 00, 59, 5D, C3, 55, 8B, EC, 81, EC, 24, 03, 00, 00, 6A, 17, E8, C7, 3A, 01, 00, 85, C0, 74, 05, 6A, 02, 59, CD, 29, A3, F8, 3D, 4A, 00, 89, 0D, F4, 3D, 4A, 00, 89, 15, F0, 3D, 4A, 00, 89, 1D, EC, 3D, 4A, 00, 89, 35, E8, 3D, 4A, 00, 89, 3D, E4...

Entropy:
6.7011

Code size:
477 KB (488,448 bytes)

Service
Display name:
Bgdomckededom Builder

Service name:
BgdomckededomBuilders

Description:
Manages devices for the Bgdomckededom.

Type:
Win32OwnProcess, InteractiveProcess


Remove bgdomckededombuilders.xhtm5 - Powered by Reason Core Security