ttk.exe

DriverDevelop.com

The application ttk.exe by DriverDevelop.com has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
天天看播放器  (signed by DriverDevelop.com)

Product:
天天看播放器

Version:
1.00

MD5:
d09fa9458316aacecbe925ec85474833

SHA-1:
409b636c1b5ec11457facddb5c2b03b958aacee0

SHA-256:
0b8a21b5c3a9baef7234bd0f474e245634d71db5cf6d78a5036da9aaaac02fca

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
4/19/2024 8:34:16 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
16.9.1.20

File size:
744.1 KB (761,912 bytes)

Product version:
1.00

Original file name:
天天看.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Common path:
C:\users\{user}\downloads\ttk.exe

Digital Signature
Authority:
DriverDevelop.com

Valid from:
8/15/2009 11:02:01 AM

Valid to:
8/13/2019 11:02:01 AM

Subject:
E=ca@zndev.com, CN=DriverDevelop.com Signtools Test cert, OU=Dept. CodeSign CA, O=DriverDevelop.com, S=BeiJing, C=CN

Issuer:
E=ca@zndev.com, CN=DriverDevelop.com CA, OU=DriverDevelop.com CA, O=DriverDevelop.com, L=BeiJing, S=BeiJing, C=CN

Serial number:
011E

File PE Metadata
Compilation timestamp:
6/27/2014 1:45:28 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:265Bo9cGccpccUccL7cc2ccOcc9cc4AcHc3+ck1ZOzrrmky65q:22Bo9cGccpccUccL7cc2ccOcc9cc4Acl

Entry address:
0x1BE8

Entry point:
68, 14, 02, 45, 00, E8, F0, FF, FF, FF, 00, 00, 48, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, F0, 47, A2, B5, 38, 1A, CE, 44, BD, 72, 4F, D6, A9, 41, C6, 71, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 20, 59, 20, 41, 73, 20, CC, EC, CC, EC, BF, B4, B2, A5, B7, C5, C6, F7, 00, 57, 69, 64, 00, 68, 20, 41, 73, 20, 4C, 6F, B8, 00, 00, 00, 90, 00, 00, 00, 00, 00, 00, 00, 02, 00, 00, 00, 03, 00, 00, 00, 82, 36, AF, 26, 37, 1D, 62, 4A, AE, 4E, 89, 0E, DF, F6, FB, 36, 01, 00, 00, 00, 98, 00, 00, 00...

Entropy:
5.2440

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
432 KB (442,368 bytes)
