windowstab_dd.sys

DOTPITCH.INC

The file windowstab_dd.sys by DOTPITCH.INC has been detected as adware by 4 anti-malware scanners. It runs as a Windows kernel-mode device driver named “windowstab_dd”.
Publisher:
DOTPITCH.INC (signed and verified)

MD5:
cf266138c7721be4dc5c3d700d7c2ca3

SHA-1:
de4a9fa732d687df9bbbab289aab2fc5f93cbfab

Scanner detections:
4 / 68

Status:
Adware

Analysis date:
4/26/2024 12:35:51 PM UTC

Scan engine | Detection | Engine version
Qihoo 360 Security | Unnamed.Threat | 1.0.0.1015
Reason Heuristics | PUP.DOTPITCHINC (M) | 15.7.9.11
Trend Micro House Call | ADW_KRADDARE | 7.2.190
Trend Micro | ADW_KRADDARE | 10.465.09

File size:
10.2 KB (10,456 bytes)

File type:
Driver (Win32 SYS)

Common path:
C:\Windows\System32\drivers\windowstab_dd.sys

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
3/12/2013 9:00:00 AM

Valid to:
4/12/2014 8:59:59 AM

Subject:
CN=DOTPITCH.INC, OU=Marketing, O=DOTPITCH.INC, L=Seocho-gu, S=Seoul, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
0AA240F3D167B5B6AF5A20903B60B16F

File PE Metadata
Compilation timestamp:
4/17/2013 12:15:57 PM

OS version:
6.1

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
9.0

CTPH (ssdeep):
192:yFD/jrZjtYWyianHWkhx1u864qZm682EqL+Wou7+wkcW15KQ3:yBjFjKZHWixs8om+EqL+FuCBiQ3

Entry address:
0xFBE

Entry point:
8B, FF, 55, 8B, EC, E8, BD, FF, FF, FF, 5D, E9, 74, F9, FF, FF, CC, CC, F8, 0F, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 0C, 11, 00, 00, 80, 0D, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 34, 10, 00, 00, 48, 10, 00, 00, 56, 10, 00, 00, 72, 10, 00, 00, 82, 10, 00, 00, 9A, 10, 00, 00, AA, 10, 00, 00, C0, 10, 00, 00, CA, 10, 00, 00, EA, 10, 00, 00, F4, 10, 00, 00, FE, 10, 00, 00, 1A, 11, 00, 00, 26, 11, 00, 00, 00, 00, 00, 00, 19, 05, 5A, 77, 44, 65, 6C, 65, 74, 65...

Entropy:
6.8353

Code size:
2.8 KB (2,816 bytes)

Driver
Display name:
windowstab_dd

Type:
Kernel device driver (KernelDriver)


Remove windowstab_dd.sys - Powered by Reason Core Security