home

TDSSKiller.exe

TDSSKiller

Kaspersky Lab

This is a setup program which is used to install the application. The file has been seen being downloaded from software-files-a.cnet.com and multiple other hosts.
Publisher:
Kaspersky Lab ZAO  (signed by Kaspersky Lab)

Product:
TDSSKiller

Description:
TDSS rootkit removing tool

Version:
3.0.0.25

MD5:
f672155776abadf6a23c59e74491c9f2

SHA-1:
2cb4e213d51195b865a4fa2aeb6574fb45e807f4

SHA-256:
b623f7901b85ba72808ec4af9a195236c601a6b965f9202db557746ae3ffc327

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/25/2024 8:28:31 PM UTC  (today)

File size:
3.9 MB (4,130,656 bytes)

Product version:
3.0.0.25

Copyright:
© 1997-2014 Kaspersky Lab ZAO.

Trademarks:
Kaspersky™ Anti-Virus ® is registered trademark of Kaspersky Lab ZAO.

Original file name:
TDSSKiller.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\tdsskiller.exe

Digital Signature
Signed by:
Kaspersky Lab

Authority:
DigiCert Inc

Valid from:
2/22/2013 1:00:00 AM

Valid to:
4/28/2015 2:00:00 PM

Subject:
CN=Kaspersky Lab, O=Kaspersky Lab, L=Moscow, C=RU

Issuer:
CN=DigiCert High Assurance Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0226E6BDA76DAE711E3DB2321E3B5308

File PE Metadata
Compilation timestamp:
2/27/2014 12:23:28 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
98304:URUi4e3FcoCQsApCfByuZ/NQOcjpcdsVwdazUh39Qqu:UR/3FANzIuZ/NfcjmsNC9M

Entry address:
0x8683E0

Entry point:
50, 9C, 60, E8, 0C, 01, 00, 00, 01, 00, 00, 00, 00, 00, 40, 00, 00, 00, 00, 00, E0, 83, 86, 00, 65, 75, 3E, 00, 4C, 83, 86, 00, 92, 00, 00, 00, 98, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 40, 19, 86, 00, 48, 71, 86, 00, CC, 74, 86, 00, 0C, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 60, 46, 00, 65, 75, 3E, 00, 00, BC, 3F, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Code size:
4 MB (4,177,920 bytes)

The file TDSSKiller.exe has been seen being distributed by the following 7 URLs.

http://software-files-a.cnet.com/s/software/13/62/38/.../tdsskiller.exe

http://tinyurl.com/redirect.php?num=killrootkit

http://www.tinyurl.com/killrootkit

http://www.majorgeeks.com/index.php?ct=files&action=download&

http://support.kaspersky.com/downloads/.../tdsskiller.exe

http://americas.kasperskylabs.com/HS?a=ENX7C63Pc0Z38SA9MOApPJTnGHxKW_VNJvcStGb5lw8W0bBhOG5mpqVsje_HheH7H121

http://media.kaspersky.com/utilities/VirusUtilities/.../tdsskiller.exe

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.