home

dd.exe

IP Labs GmbH

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Device Detection’.
Publisher:
IP Labs GmbH  (signed and verified)

Version:
1.14.1.0

MD5:
f861a74519dacd06e39922d58ec047a7

SHA-1:
e454021d1e6360ac0f30427744b1c138a6887a0f

SHA-256:
1ca0ab493e0ef2118f7d04b8b816c2e616869fd3f2971b2b0ff0a0fa4acb8ba2

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/15/2025 9:15:26 PM UTC  (today)

File size:
837.3 KB (857,384 bytes)

Product version:
1.0

Copyright:
Copyright (C) 2016 by ip.labs GmbH

File type:
Executable application (Win32 EXE)

Language:
German (Germany)

Common path:
C:\Program Files\photosi\mycomposer\dd.exe

Digital Signature
Signed by:
IP Labs GmbH

Authority:
thawte, Inc.

Valid from:
12/21/2015 1:00:00 AM

Valid to:
6/17/2016 1:59:59 AM

Subject:
CN=IP Labs GmbH, OU=APPLICATION DEVELOPMENT, O=IP Labs GmbH, L=Bonn, S=Nordrhein-Westfalen, C=DE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
65ECE2C83A1BF44C1DBACCD6CAAE4A6E

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:K5FJs5dsBtFWAGvoQ/pGA9pAPX+ernZ6cvSajSoazJ/cN/vYFEz:6F6oB+AGvoypGAMOerZX5Mzlctus

Entry address:
0xA7FAC

Entry point:
55, 8B, EC, 83, C4, F0, B8, D4, 65, 4A, 00, E8, BC, F1, F5, FF, E8, 9B, DB, FF, FF, E8, FE, C9, F5, FF, 8B, C0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 8D, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 32, 13, 8B, C0, 00, 8D, 40, 00, 00, 8D, 40, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
667 KB (683,008 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Device Detection

Command:
C:\Program Files\photosi\mycomposer\dd.exe


Scan dd.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.