home

TDSSKiller.exe

TDSSKiller

Kaspersky Lab

This is a setup program which is used to install the application. The file has been seen being downloaded from a-12.1fichier.com and multiple other hosts.
Publisher:
Kaspersky Lab ZAO  (signed by Kaspersky Lab)

Product:
TDSSKiller

Description:
TDSS rootkit removing tool

Version:
3.1.0.5

MD5:
0170a4503f85f2d7abcbef0419b1c35a

SHA-1:
244aea59bf95134dcf8cb2e0e3182fdcb1d870d9

SHA-256:
98e2e72db2b7ba1385a0cccbd52390797b566b8f05ac13973c871394bf5949df

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/26/2024 4:25:36 AM UTC  (today)

File size:
4.2 MB (4,404,952 bytes)

Product version:
3.1.0.5

Copyright:
© 1997-2015 Kaspersky Lab ZAO.

Trademarks:
Kaspersky™ Anti-Virus ® is registered trademark of Kaspersky Lab ZAO.

Original file name:
TDSSKiller.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\tdsskiller.exe

Digital Signature
Signed by:
Kaspersky Lab

Authority:
DigiCert Inc

Valid from:
10/26/2014 8:00:00 PM

Valid to:
11/3/2017 8:00:00 AM

Subject:
CN=Kaspersky Lab, O=Kaspersky Lab, L=Moscow, S=Moscow City, C=RU, PostalCode=125212, STREET=39A/3 Leningradskoe shosse, SERIALNUMBER=1027739867473, OID.1.3.6.1.4.1.311.60.2.1.2=Moscow, OID.1.3.6.1.4.1.311.60.2.1.3=RU, OID.2.5.4.15=Private Organization

Issuer:
CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0D0C681CE3699DB3F3234F70A5CDD362

File PE Metadata
Compilation timestamp:
7/24/2015 5:30:24 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
98304:LuwF45RMrXA96EHCNejzMqCQTDZEYyHvAToxG1GmZgQHS4TKqa:RFmRMUHCy4qCQTRMvVG1GSHPKq

Entry address:
0x8A03E0

Entry point:
50, 9C, 60, E8, 0C, 01, 00, 00, 01, 00, 00, 00, 00, 00, 40, 00, 00, 00, 00, 00, E0, 03, 8A, 00, 23, 3C, 42, 00, 4C, 03, 8A, 00, 91, 00, 00, 00, 98, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 70, 96, 89, 00, 98, F1, 89, 00, 1C, F5, 89, 00, 0C, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 46, 00, 23, 3C, 42, 00, 00, 9A, 43, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.9977  (probably packed)

Code size:
4.2 MB (4,431,872 bytes)

The file TDSSKiller.exe has been seen being distributed by the following 29 URLs.

https://a-12.1fichier.com/c283653808

https://a-32.1fichier.com/c71671131

http://www.softportal.com/getsoft-21775-tdsskiller-2.html

https://a-32.1fichier.com/c237479182

https://a-32.1fichier.com/c246409848

https://a-12.1fichier.com/c2246777308

http://soporte.eurosistemas.net/.../tdsskiller.exe

https://storage-ec2-48.sharefile.com/download.ashx?dt=dte32f39318b8642e0a717c1af8272c5d6&h=WYWVYcUKuuqmiyglhA5SRHxisCBkqjC5jUJ3aeEVr6s=

https://a-32.1fichier.com/c185737090

https://a-12.1fichier.com/c1050194

&onid=2239&oid=3001-2239_4-75722087&rsid=cbsidownloadcomsite&sl=en&sc=us&topicguid=security/antivirus&topicbrcrm=&pid=14434812&mfgid=69625&merid=69625&ctype=dm&cval=NONE&devicetype=desktop&pguid=ab51c259ee9f547769a746ba&viewguid=W0ix-pCRrfh1eoMBNYjDccf2jHEORIi1ZRyv&destUrl=http://software-files-a.cnet.com/s/software/14/43/48/.../tdsskiller.exe

http://www.infospyware.com/.../click.php?id=22

http://americas.kasperskylabs.com/HS?b=YiEStm4z1iin6Ux2fYAGjFaJCs6IzaCSJJhLjEoSBGlp16IWxRSerJqqQaKyqGwL&c=rtSL5-O6OvCX3bhhYJW7lg

http://gslink.us/tdss

http://files.downloadnow.com/s/software/14/43/48/.../tdsskiller.exe

http://files2.majorgeeks.com/1e5d71d3eda9d819ce132431c0b928db/.../tdsskiller.exe

http://download.fosshub.com/Protected/expiretime=1445582390;badurl=aHR0cDovL3d3dy5mb3NzaHViLmNvbS9URFNTS2lsbGVyLmh0bWw=/0d5a785ef60696c1c6321a87c542691240e736de2e2c525fd804daf1949f4c82/.../tdsskiller.exe

http://www.downloadcrew.com/?act=software.download&id=22551&t=1444753183&c=93a3b336898e08ac6c1407e7f8e9d2bf91ec9ffe

http://filepony.de/.../

http://sb/.../09.#Tdsskiller.exe

http://indir.gezginler.net/i/19463/.../

ftp://lenzininas.ddns.net/PUP/.../TDSSKiller.exe

http://www.majorgeeks.com/index.php?ct=files&action=download&

http://media.kaspersky.com/utilities/VirusUtilities/.../tdsskiller.exe

http://api.viglink.com/api/click?format=go&jsonp=vglnk_143807204167510&key=984ed3ed6aa9a69986f88d56d10e7616&libId=icn2vfz201000a17000DAapm1hics&loc=http://www.tomshardware.com/answers/id-2203789/windows-explorer-exe-run.html&v=1&out=http://.../tdsskiller&ref=https://www.google.com/&title=Windows 8.1 - explorer.exe won't run? [Solved] - Windows 8 - Windows 8&txt=http://.../tdsskiller

http://sbb/.../09._Tdsskiller.exe

http://passthrough.fw-notify.net/download/163908/http://media.kaspersky.com/utilities/VirusUtilities/.../tdsskiller.exe

http://software-files-a.cnet.com/s/software/14/43/48/.../tdsskiller.exe

http://media.kaspersky.com/utilities/VirusUtilities/.../tdsskiller.exe

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.