home

dd.exe

MD5:
168b73cc0f3d8c92c98c5028aec770df

SHA-1:
7efcd6af6a0fda490b42e0ed4c5aa969079040d1

SHA-256:
2f3d16ef80d336ff1d270af9c101443a6426600b6d7c6506d984cdbdc7c6e8f9

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
11/5/2024 9:45:21 AM UTC  (today)

Scan engine
Detection
Engine version

Bkav FE
HW32.Pedka
1.3.0.4613

File size:
334 KB (342,016 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Windows\System32\dd.exe

File PE Metadata
Compilation timestamp:
6/19/1992 5:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
2.25

CTPH (ssdeep):
6144:4GstW634w/+YvExOLm3hfpH2NqdMsBIdvHy/+o2tIxwgCQ:utroO+YvEkLmYzPda+f6Of

Entry address:
0x48504

Entry point:
55, 8B, EC, B9, 0E, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 51, 53, 56, 57, A1, A4, AC, 44, 00, C6, 00, 01, B8, 74, 83, 44, 00, E8, EB, DE, FB, FF, 33, C0, 55, 68, 73, 8E, 44, 00, 64, FF, 30, 64, 89, 20, E8, 14, B3, FF, FF, B8, 8C, 8E, 44, 00, E8, C6, B1, FF, FF, B8, BC, 8E, 44, 00, E8, BC, B1, FF, FF, B8, F4, 8E, 44, 00, E8, B2, B1, FF, FF, B2, 01, A1, 80, C5, 40, 00, E8, 32, A8, FB, FF, A3, 6C, C7, 44, 00, 8D, 55, E8, 33, C0, E8, 7B, A3, FB, FF, 8B, 45, E8, 8D, 55, EC, E8, 5C, FD, FB, FF, 8B, 45, EC, 8D...
 
[+]

Entropy:
6.5803

Developed / compiled with:
Microsoft Visual C++

Code size:
289 KB (295,936 bytes)

The file dd.exe has been discovered within the following programs.

LinuxLive USB Creator  by Thibaut Lauziere
Publisher's description - “LinuxLive USB Creator is a free and open-source software for Windows. It will help you in your journey of discovery with Linux. For you, LiLi creates portable, bootable and virtualized USB stick running Linux.”
www.linuxliveusb.com
About 2% of users remove it
 
Powered by Should I Remove It?

The file dd.exe has been seen being distributed by the following URL.

http://greyghost.mooo.com/.../dd.exe

Scan dd.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.