home

ddores.dll

System operacyjny Microsoft Windows

Microsoft Corporation

It is included with the Windows 7 OS. The file has been seen being downloaded from mail-attachment.googleusercontent.com.
Publisher:
Microsoft Corporation

Product:
System operacyjny Microsoft® Windows®

Description:
Informacje i zasoby dotyczące kategorii urządzeń

 
Part of the Windows 7 Operating System

Version:
6.1.7600.16385 (win7_rtm.090713-1255)

MD5:
bbf9112cb6f98ba498a59ffeea177178

SHA-1:
38f8de7a364ddd70ef613e79f3165ad069a73a26

SHA-256:
55d6909dcd456ca415bc4504a85e0f574db8648d9d5dfd096e4fe36b6bd6e81e

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
4/26/2024 1:28:33 PM UTC  (today)

File size:
6 MB (6,281,216 bytes)

Product version:
6.1.7600.16385

Copyright:
© Microsoft Corporation. Wszelkie prawa zastrzeżone.

Original file name:
DeviceCategories.dll.mui

File type:
Dynamic link library (Win64 DLL)

Language:
Polish (Poland)

Common path:
C:\Windows\System32\ddores.dll

File PE Metadata
Compilation timestamp:
7/14/2009 3:26:36 AM

OS version:
6.1

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
9.0

CTPH (ssdeep):
98304:fYU7KbUIfPdY0319q858oFfys7f5KrPp23VAVFaEVnXWpF/tWS:fcoIWwI85Gs7fl3VUaEVnXEV

Entry address:
0x63C0

Entry point:
48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, 97, 01, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, CF, FD, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, 66, 66, 0F, 1F, 84, 00, 00, 00, 00, 00, 48, 3B, 0D, F1, 1C, 00, 00, 75, 12, 48, C1, C1, 10, 66, F7, C1, FF, FF, 75, 03, C2, 00, 00, 48, C1, C9, 10, E9, 04, 02, 00, 00, CC, CC, CC, CC, CC, CC, FF, 25, 4C, AC, FF, FF, CC, CC, CC, CC...
 
[+]

Code size:
24.5 KB (25,088 bytes)

The file ddores.dll has been seen being distributed by the following URL.

https://mail-attachment.googleusercontent.com/attachment/u/.../?ui=2&ik=9430f6e833&view=att&th=1379efc4b680cccf&attid=0.1&disp=safe&realattid=f_h2uq221m0&zw&saduie=AG9B_P-FDZZvRvKLu3drdxdkaDOT&sadet=1338422705174&sads=RecgtjTzWSA1yy8zpzg2nLz2syI&sadssc=1

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.