dd23163c.exe

The executable dd23163c.exe has been detected as malware by 25 anti-virus scanners. It is configured to start automatically when a user logs into Windows, via the current-user Run registry key, under the display name 'dd23163'.
MD5: da2ddae066f73a22172f95b43fa4ebdf
SHA-1: 39579e311ff2b61a5f02f8ede381dd3e1d112825
SHA-256: 53cff1a351e45c1dbdc6dd0d2cf0a3b2504089d366b5d3a1b07c192377032a76
Scanner detections: 25 / 68
Status: Malware
Analysis date: 5/10/2024 7:35:43 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Zusy.122134 | 655
AhnLab V3 Security | Trojan/Win32.MDA | 2015.01.16
Avira AntiVirus | TR/Crypt.Xpack.134494 | 7.11.201.138
avast! | Win32:Malware-gen | 2014.9-150421
AVG | Inject2 | 2016.0.3133
Baidu Antivirus | Trojan.Win32.Ransomlock | 4.0.3.15421
Bitdefender | Gen:Variant.Jaik.5637 | 1.0.20.60
Dr.Web | Trojan.Packed.29370 | 9.0.1.0111
Emsisoft Anti-Malware | Gen:Variant.Zusy.122134 | 8.15.04.21.08
ESET NOD32 | Win32/Injector.BSSQ trojan | 7.0.302.0
Fortinet FortiGate | W32/BSSQ!tr | 4/21/2015
F-Secure | Suspicious:W32/Malware.39579e311f!Online | 5.13.68
G Data | Gen:Variant.Zusy.122134 | 15.4.24
IKARUS anti.virus | Trojan.Win32.Injector | t3scan.1.8.6.0
K7 AntiVirus | Trojan | 13.191.14655
Kaspersky | Trojan-Ransom.Win32.Blocker | 14.0.0.2158
Malwarebytes | Trojan.Agent.0BGen | v2015.01.12.07
McAfee | RDN/Generic.hra!cd | 5600.6789
Microsoft Security Essentials | Ransom:Win32/Crowti | 1.11302
MicroWorld eScan | Gen:Variant.Zusy.122134 | 16.0.0.333
Panda Antivirus | Trj/CI.A | 15.04.21.08
Qihoo 360 Security | HEUR/QVM10.1.Malware.Gen | 1.0.0.1015
Sophos | Mal/Generic-S | 4.98
Trend Micro House Call | Suspicious_GEN.F47V0113 | 7.2.111
Vba32 AntiVirus | SScope.Malware-Cryptor.Ngrbot.1315 | 3.12.26.3

File size: 240.5 KB (246,272 bytes)
File type: Executable application (Win32 EXE)
Common path: C:\users\{user}\appdata\roaming\microsoft\windows\start menu\programs\startup\dd23163c.exe

File PE Metadata
Compilation timestamp: 1/12/2015 3:20:01 PM
OS version: 5.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 9.0
CTPH (ssdeep): 3072:G53YOhkRD16IJNiWbDHqzJ0ly7o80ynTbw7MFV8EFIys8iBlXuMqYHC:w3YOh+6IJNiWPH4O61nTknESy5CQE
Entry address: 0x3DBD
Entry point: E8, 50, 42, 00, 00, E9, 78, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 44, 24, 08, 8B, 4C, 24, 10, 0B, C8, 8B, 4C, 24, 0C, 75, 09, 8B, 44, 24, 04, F7, E1, C2, 10, 00, 53, F7, E1, 8B, D8, 8B, 44, 24, 08, F7, 64, 24, 14, 03, D8, 8B, 44, 24, 08, F7, E1, 03, D3, 5B, C2, 10, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 53, 56, 8B, 44, 24, 18, 0B, C0, 75, 18, 8B, 4C, 24, 14, 8B, 44, 24, 10, 33, D2, F7, F1, 8B, D8, 8B, 44, 24, 0C, F7, F1, 8B, D3, EB, 41, 8B, C8, 8B, 5C, 24, 14, 8B, 54, 24, 10, 8B...
Entropy: 6.4175
Code size: 59.5 KB (60,928 bytes)

Startup File (User Run)
Registry location: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Name: dd23163
Command: C:\dd23163c\dd23163c.exe

Powered by Reason Core Security