didi dan friends.exe

DungCoi

The executable didi dan friends.exe has been detected as malware by 28 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘dc2k5’.
Product:
DungCoi

Version:
1.00

MD5:
848faa8c98527e6e7b7edb8570d33ee6

SHA-1:
3e41760e75be8c9a3d1d9463d0963a2bc670376a

Scanner detections:
28 / 68

Status:
Malware

Analysis date:
4/29/2024 9:54:53 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AhnLab V3 Security | Win-Trojan/Xema.variant | 2011.06.21 |
| Avira AntiVirus | BDS/Pakes | 7.11.10.42 |
| avast! | Win32:Inject-ABJ | 2014.9-170316 |
| AVG | I-Worm/Brontok | 2018.0.2438 |
| Bitdefender | Trojan.Downloader.VB.VDS | 1.0.20.375 |
| Clam AntiVirus | Worm.VB-900 | 0.98/18011 |
| Comodo Security | Worm.Win32.Autorun.h2 | 9140 |
| Dr.Web | Win32.HLLW.Dungcoi.1 | 9.0.1.075 |
| ESET NOD32 | Win32/Lurka (variant) | 11.6224 |
| F-Prot | W32/Lurka.A | v6.4.6.2.117 |
| F-Secure | Trojan.Downloader.VB.VDS | 11.2017-16-03_5 |
| G Data | Trojan.Downloader.VB.VDS | 17.3.22 |
| IKARUS anti.virus | IM-Worm.Win32.VB | t3scan.1.1.104.0 |
| K7 AntiVirus | Virus | 13.106.4828 |
| Kaspersky | Trojan.Win32.Cosmu | 14.0.0.-1315 |
| McAfee | W32/Virut.rem.L | 5600.6094 |
| Microsoft Security Essentials | Virus:Win32/Lurka.A | 1.163.1557.0 |
| Norman | W32/Lurka.C | 11.20170316 |
| nProtect | Trojan-Downloader/W32.Agent.147456.BE | 11.06.21.01 |
| Panda Antivirus | W32/P2Pworm.HH.worm | 17.03.16.02 |
| Quick Heal | W32.Virut.G | 3.17.11.00 |
| Rising Antivirus | Worm.Win32.Autorun.exx | 23.00.65.17314 |
| Sophos | W32/Lurka-A | 4.66 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Falofn | 8533 |
| Trend Micro House Call | PE_VIRUX.GEN-4 | 7.2.75 |
| Trend Micro | PE_VIRUX.GEN-4 | 10.465.16 |
| Vba32 AntiVirus | SScope.Backdoor.Bifrose.ago | 3.12.16.2 |
| VIPRE Antivirus | Trojan.Win32.Generic.pak!cobra | 9645 |

File size:
144 KB (147,456 bytes)

Product version:
1.00

Original file name:
OlalaTheWorld.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

File PE Metadata
Compilation timestamp:
11/17/1983 8:00:00 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x10F8

Entropy:
4.9162

Code size:
48 KB (49,152 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
dc2k5

Command:
C:\windows\sviq.exe

