home

ddtankes.exe

DDtank

OASIS GAMES LIMITED

The application ddtankes.exe by OASIS GAMES LIMITED has been detected as a potentially unwanted program by 7 anti-malware scanners. While running, it connects to the Internet address server-52-84-179-5.gru50.r.cloudfront.net on port 80 using the HTTP protocol.
Publisher:
OASIS GAMES LIMITED  (signed and verified)

Product:
DDtank

Version:
2.1.1.963

MD5:
692aeff64182dd718f3ce1d12115c3d3

SHA-1:
1f08df754e8e4242a0067994c875da95c1081455

SHA-256:
f93cd9756b028e229d7db60833a6094158177aa226e39314120c0b5bb7115553

Scanner detections:
7 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 2:41:07 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.Kazy.725451
506

Arcabit
Trojan.Adware.Kazy.DB11CB
1.0.0.527

Bitdefender
Gen:Variant.Adware.Kazy.725451
1.0.20.1300

Emsisoft Anti-Malware
Gen:Variant.Adware.Kazy.725451
8.15.09.17.12

F-Secure
Gen:Variant.Adware.Kazy
11.2015-17-09_5

G Data
Gen:Variant.Adware.Kazy.725451
15.9.25

MicroWorld eScan
Gen:Variant.Adware.Kazy.725451
16.0.0.780

File size:
1.7 MB (1,754,632 bytes)

Product version:
2.1.1.963

Copyright:
Copyright © 2014-2015 Oasgames,Inc

Original file name:
DDtank.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\ddtank\ddtankes.exe

Digital Signature
Signed by:
OASIS GAMES LIMITED

Authority:
Symantec Corporation

Valid from:
8/3/2015 9:00:00 PM

Valid to:
9/2/2017 8:59:59 PM

Subject:
CN=OASIS GAMES LIMITED, OU=Software Department, O=OASIS GAMES LIMITED, L=Hong Kong, S=Hong Kong, C=HK

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
508A19B53BD1D7225F3F8951F4B89F29

File PE Metadata
Compilation timestamp:
9/6/2015 6:08:13 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
24576:36yYd2gdQD6ostSRBshMfHdj+UGLry2mpRJDnx4BeE74W43dxu8WifmIgs8QAza9:3Z3gKYtKran9Omd7UvVldC4UJZU

Entry address:
0x38583

Entry point:
E8, D5, BF, 00, 00, E9, 7F, FE, FF, FF, 3B, 0D, FC, E5, 50, 00, 75, 02, F3, C3, E9, 84, C1, 00, 00, 55, 8B, EC, 83, EC, 20, 56, 57, 6A, 08, 59, BE, E8, 02, 4B, 00, 8D, 7D, E0, F3, A5, 8B, 75, 0C, 8B, 7D, 08, 85, F6, 74, 13, F6, 06, 10, 74, 0E, 8B, 0F, 83, E9, 04, 51, 8B, 01, 8B, 70, 18, FF, 50, 20, 89, 7D, F8, 89, 75, FC, 85, F6, 74, 0C, F6, 06, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, AC, C2, 4A, 00, 5F, 5E, 8B, E5, 5D, C2, 08, 00, 8B, 4D, F4, 64...
 
[+]

Code size:
680.5 KB (696,832 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-54-64-224-48.ap-northeast-1.compute.amazonaws.com  (54.64.224.48:80)

TCP (HTTP):
Connects to 209.222.19.132.constant.com  (209.222.19.132:80)

TCP (HTTP):
Connects to xx-fbcdn-shv-01-gru2.fbcdn.net  (31.13.85.4:80)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-gru2.facebook.com  (31.13.85.36:443)

TCP (HTTP):
Connects to ec2-52-91-52-229.compute-1.amazonaws.com  (52.91.52.229:80)

TCP (HTTP):
Connects to ec2-35-160-142-30.us-west-2.compute.amazonaws.com  (35.160.142.30:80)

TCP (HTTP):
Connects to 216-155-142-131.constant.com  (216.155.142.131:80)

TCP (HTTP):
Connects to ec2-52-201-213-112.compute-1.amazonaws.com  (52.201.213.112:80)

TCP (HTTP):
Connects to 108-61-6-204.reliableservers.com  (108.61.6.204:80)

TCP (HTTP):
Connects to server-52-85-107-125.jax1.r.cloudfront.net  (52.85.107.125:80)

TCP (HTTP):
Connects to ec2-54-236-140-38.compute-1.amazonaws.com  (54.236.140.38:80)

TCP (HTTP):
Connects to ec2-54-174-84-183.compute-1.amazonaws.com  (54.174.84.183:80)

TCP (HTTP):
Connects to ec2-34-195-205-119.compute-1.amazonaws.com  (34.195.205.119:80)

TCP (HTTP):
Connects to ec2-34-192-135-251.compute-1.amazonaws.com  (34.192.135.251:80)

TCP (HTTP):
Connects to xx-fbcdn-shv-02-mia1.fbcdn.net  (157.240.0.22:80)

TCP (HTTP):
Connects to server-54-230-224-106.gig50.r.cloudfront.net  (54.230.224.106:80)

TCP (HTTP):
Connects to server-54-192-227-218.gig50.r.cloudfront.net  (54.192.227.218:80)

TCP (HTTP):
Connects to server-52-85-107-124.jax1.r.cloudfront.net  (52.85.107.124:80)

TCP (HTTP):
Connects to server-52-84-133-32.atl52.r.cloudfront.net  (52.84.133.32:80)

TCP (HTTP):
Connects to ec2-34-195-97-112.compute-1.amazonaws.com  (34.195.97.112:80)

Remove ddtankes.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.