SHA256: 270aa3fbf142e5ce68fe601a2012f90e6f409e39da427fd7f83045fdcf739573
File name: copy_dds.com
Detection ratio: 6 / 46
Analysis date: 2013-03-30 17:13:09 UTC ( 6 years, 1 month ago )
Antivirus Result Update
Avast Win32:Malware-gen 20130330
GData Win32:Malware-gen 20130330
Jiangmin Trojan/Generic.mvhv 20130330
Norman Suspicious_Gen4.CGKKC 20130330
Symantec WS.Reputation.1 20130330
TrendMicro-HouseCall TROJ_GEN.F47BZLS 20130330
Yandex 20130330
AhnLab-V3 20130330
AntiVir 20130330
Antiy-AVL 20130330
AVG 20130330
BitDefender 20130330
ByteHero 20130322
CAT-QuickHeal 20130330
ClamAV 20130330
Commtouch 20130330
Comodo 20130330
DrWeb 20130330
Emsisoft 20130330
eSafe 20130328
ESET-NOD32 20130330
F-Prot 20130330
F-Secure 20130330
Fortinet 20130330
Ikarus 20130330
K7AntiVirus 20130330
Kaspersky 20130330
Kingsoft 20130325
Malwarebytes 20130330
McAfee 20130330
McAfee-GW-Edition 20130330
Microsoft 20130330
eScan 20130330
NANO-Antivirus 20130330
nProtect 20130329
Panda 20130330
PCTools 20130330
Rising 20130328
Sophos AV 20130330
SUPERAntiSpyware 20130330
TheHacker 20130330
TotalDefense 20130329
TrendMicro 20130330
VBA32 20130330
VIPRE 20130330
ViRobot 20130330
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright sUBs
Product D D S
Original name dds.exe
Internal name dds.exe
File version 2011.08.26.01
Description DDS, Doesn't Do Squat
Packers identified
F-PROT PecBundle, embedded, PECompact, appended, NSIS, UPX
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2009-12-05 22:50:46
Entry Point 0x0002F330
Number of sections 3
PE sections
Overlays
MD5 de3a3460451ad793b3e56e49ddcf0238
File type data
Offset 22528
Size 584732
Entropy 8.00
PE imports
RegEnumKeyA
SetBkMode
VirtualFree
ExitProcess
VirtualProtect
LoadLibraryA
VirtualAlloc
GetProcAddress
ShellExecuteA
VerQueryValueA
CoTaskMemFree
Number of PE resources by type
RT_DIALOG 3
RT_ICON 1
RT_MANIFEST 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 7
PE resources
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 4096
ImageVersion 6.0
ProductName D D S
FileVersionNumber 2011.8.26.1
UninitializedDataSize 172032
LanguageCode English (U.S.)
FileFlagsMask 0x0000
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Windows, Latin1
LinkerVersion 6.0
FileTypeExtension exe
OriginalFileName dds.exe
MIMEType application/octet-stream
LegalCopyright sUBs
FileVersion 2011.08.26.01
TimeStamp 2009:12:05 23:50:46+01:00
FileType Win32 EXE
PEType PE32
InternalName dds.exe
FileDescription DDS, Doesn't Do Squat
OSVersion 4.0
FileOS Win32
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Swearware
CodeSize 20480
FileSubtype 0
ProductVersionNumber 2011.8.26.1
EntryPoint 0x2f330
ObjectFileType Executable application
Comment Non invasive diagnostic scanner

File identification
MD5 2e84724e785214f625e16d1e89519da2
SHA1 d83426e0a5acefff59b982ad3627b090a5f3663b
SHA256 270aa3fbf142e5ce68fe601a2012f90e6f409e39da427fd7f83045fdcf739573
ssdeep 12288:b+1d+G2BnBn0USLRmKQkFwqCAiSkOs93ye5au91xnm9kCg5vbU6JNd8:b+1sLnjSLAKFt8n3P5aa1hwCvbhJN6

authentihash 8603430a1001b1f51f31b3e40fb3485d762f723f76bbc949f610162e6f7d53f4
imphash 2134f794bcda54794e74b7208adb2204
File size 593.0 KB ( 607260 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID UPX compressed Win32 Executable (38.2%)
Win32 EXE Yoda's Crypter (37.5%)
Win32 Dynamic Link Library (generic) (9.2%)
Win32 Executable (generic) (6.3%)
OS/2 Executable (generic) (2.8%)
Tags nsis peexe pecompact upx overlay

VirusTotal metadata
First submission 2011-08-26 15:00:51 UTC ( 7 years, 9 months ago )
Last submission 2018-12-12 13:00:31 UTC ( 5 months, 2 weeks ago )
File names dds[1].scr
2e84724e785214f625e16d1e89519da2.malware
2e84724e785214f625e16d1e89519da2.malware.exe
dds.com
dds (1).com
569781AB1CA705E744D009A8080DC1007136429F.scr
file-2759186_scr
d83426e0a5acefff59b982ad3627b090a5f3663b
copy_dds.com
dds.scr
DDS.scr
dds.exe
sample_d83426e0a5acefff59b982ad3627b090a5f3663b
dds (1).scr
dds (2).scr
dds.20111118.scr
dds.EXE
dds.com
dds(1).scr
dds.com
dds.scr
DPVLKWITSW-113.pms.scr.SVD
2e84724e785214f625e16d1e89519da2_INF4A86.tmp
d83426e0a5acefff59b982ad3627b090a5f3663b.bin
file-3042175_exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

TrendMicro-HouseCall
TrendMicro's heuristic engine has flagged this file as: Suspicious_GEN.F47V1002.
