beddgghhdd.exe

trusTEd APps dDD

This file is part of the OutBrowse Revenyou installer, which bundles offers for additional third-party applications that may be unwanted and installed without consent. The application beddgghhdd.exe by trusTEd APps dDD has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is also typically executed from the user's temporary directory.
Publisher:
trusTEd APps dDD  (signed and verified)

Version:
2015.67.90.64

MD5:
430b8856b6b634bcc238e11c114a8833

SHA-1:
3da39fead7a6ea4677694a2eb486e8c4915cfa1c

SHA-256:
5a0c4ba1a84f2f4b47c76280fe0d06eaa574fe0184d99476b5a059086b5ff223

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
12/28/2024 12:55:42 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Outbrowse.trusTEdAPpsdDD (M)

Engine version:
16.3.4.15

File size:
761.5 KB (779,816 bytes)

Product version:
2015.67.90.64

Copyright:
Copyright (C) 2015

Original file name:
2015679064.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\beddgghhdd.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
6/4/2015 7:00:00 AM

Valid to:
1/28/2016 6:59:59 AM

Subject:
CN=trusTEd APps dDD, O=trusTEd APps dDD, L=Dublin, S=Dublin, C=IE

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
1D200CCB1C368FF727D32D006FD9733A

File PE Metadata
Compilation timestamp:
6/7/2015 4:00:18 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:Tzuoig3gP7+ixDssUYteOg4MKco22/wjvUbJ0kYWbnt/4s7+UQ9f0d79pUNkcRrS:TzuOgP7+ixD9UYtM4MKcd2/6va6kYWb1

Entry address:
0x79035

Entry point:
E8, C0, AD, 00, 00, E9, 89, FE, FF, FF, CC, 8B, FF, 55, 8B, EC, 83, EC, 18, 53, 8B, 5D, 0C, 56, 8B, 73, 08, 33, 35, 00, 2C, 4B, 00, 57, 8B, 06, C6, 45, FF, 00, C7, 45, F4, 01, 00, 00, 00, 8D, 7B, 10, 83, F8, FE, 74, 0D, 8B, 4E, 04, 03, CF, 33, 0C, 38, E8, DF, BB, FF, FF, 8B, 4E, 0C, 8B, 46, 08, 03, CF, 33, 0C, 38, E8, CF, BB, FF, FF, 8B, 45, 08, F6, 40, 04, 66, 0F, 85, 19, 01, 00, 00, 8B, 4D, 10, 8D, 55, E8, 89, 53, FC, 8B, 5B, 0C, 89, 45, E8, 89, 4D, EC, 83, FB, FE, 74, 5F, 8D, 49, 00, 8D, 04, 5B, 8B, 4C...

Entropy:
6.6230

Code size:
587 KB (601,088 bytes)
