home

DDL_Manager.exe

Kreapixel

The application DDL_Manager.exe by Kreapixel has been detected as a potentially unwanted program by 5 anti-malware scanners. This is a setup program which is used to install the application. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider. The file has been seen being downloaded from clic.illyx.com and multiple other hosts.
Publisher:
Kreapixel  (signed and verified)

Version:
3.3.8.1

MD5:
a0ef8a7c030a6d99750d57fd70f1deea

SHA-1:
ee20860dc00458b953f97b60513cc774cf2a60de

SHA-256:
aeb733f3eb5a5c314bd282ac44f8d861ff7595f39fbbb9903945d60a1d239121

Scanner detections:
5 / 68

Status:
Potentially unwanted

Explanation:
The software may change the browser's home page and search provider settings as well as display advertisements.

Analysis date:
4/27/2024 4:23:12 AM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Trojan.Crossrider.9
9.0.1.0103

G Data
Win32.Application.KreaPixWebplayer
14.4.24

McAfee
Artemis!A0EF8A7C030A
5600.7161

Reason Heuristics
PUP.Kreapixel.L
14.4.13.23

Sophos
Kreapixel
4.97

File size:
756.3 KB (774,456 bytes)

File type:
Executable application (Win32 EXE)

Language:
French (France)

Common path:
C:\users\{user}\downloads\ddl_manager.exe

Digital Signature
Signed by:
Kreapixel

Authority:
Thawte, Inc.

Valid from:
4/27/2013 8:00:00 PM

Valid to:
4/28/2014 7:59:59 PM

Subject:
CN=Kreapixel, OU=24, O=Kreapixel, L=Bergerac, S=Dordogne, C=FR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
73E829C616F33571512B97CC95565619

File PE Metadata
Compilation timestamp:
1/29/2012 4:32:28 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:h6Wq4aaE6KwyF5L0Y2D1PqLIuAZ5S7lu4BpFohk3ul2ZougxClCWpDykN4CUdCr/:3thEVaPqLI9Zc5u4Bwea2adnWpDiCUO/

Entry address:
0xE6EE0

Entry point:
60, BE, 00, 50, 4A, 00, 8D, BE, 00, C0, F5, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 
[+]

Entropy:
7.8779

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
268 KB (274,432 bytes)

The file DDL_Manager.exe has been seen being distributed by the following 4 URLs.

http://clic.illyx.com/aff_c?offer_id=399&aff_id=3778&source=tousstreaming

http://clic.illyx.com/aff_c?offer_id=399&aff_id=1474

http://clic.illyx.com/aff_c?offer_id=399&aff_id=3892&source=ach

http://softs.illyx.com/.../dl.php?l=ddlmanagerfr&telecharger=DDL_Manager

Remove DDL_Manager.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.