ddzip.exe

JWtab

The application ddzip.exe has been flagged as a potentially unwanted program by 15 of 68 anti-malware scanners. It is a setup program used to install the JWTab application. The file has been seen being downloaded from 113.171.224.173 and multiple other hosts.
Publisher:
JWtab

Product:
JWTab

Description:
JWTab ud

Version:
6.0.6.2

MD5:
c32800e092c69cf9ad4229973d26e0cd

SHA-1:
59e1633aba08caba02b8dbdcecc1cd63c0beaa8e

SHA-256:
3726151b82e59a219cb6a213b9c8d36a05e03c83e6d9aa56f26052a5523354ec

Scanner detections:
15 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 7:55:28 PM UTC

Scan engine             Detection                                     Engine version
Lavasoft Ad-Aware       Trojan.GenericKD.2270078                      639
avast!                  Win32:Agent-AYJU [Trj]                        2014.9-150507
Baidu Antivirus         Adware.Win32.ELEX                             4.0.3.1557
Bitdefender             Trojan.GenericKD.2270078                      1.0.20.635
Emsisoft Anti-Malware   Trojan.GenericKD.2270078                      8.15.05.07.03
ESET NOD32              Win32/ELEX.BH potentially unwanted (variant)  9.11419
Fortinet FortiGate      Riskware/Elex                                 5/7/2015
F-Secure                Trojan.GenericKD.2270078                      11.2015-07-05_5
G Data                  Trojan.GenericKD.2270078                      15.5.25
McAfee                  Artemis!C32800E092C6                          5600.6773
MicroWorld eScan        Trojan.GenericKD.2270078                      16.0.0.381
nProtect                Trojan.GenericKD.2270078                      15.04.06.02
Panda Antivirus         Generic Suspicious                            15.04.05.03
Trend Micro House Call  Suspicious_GEN.F47V0403                       7.2.127
VIPRE Antivirus         Trojan.Win32.Generic                          39122

File size:
4.9 MB (5,107,200 bytes)

Product version:
6.0.6.2

Copyright:
Copyright (C) 1998

Original file name:
JWTab.exe

File type:
Executable application (Win32 EXE)

Language:
English (Singapore)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\content.ie5\tubibw88\ddzip.exe

File PE Metadata
Compilation timestamp:
4/2/2015 2:53:16 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
98304:xAbOKSxImD9EL1Nx/K799kGfAXKgX4mBQBNiEhh8X65/wPU7zw5KXbHb:xAiK0ImB+X/K7q6mBKDh8KmwV3

Entry address:
0x1BC88

Entry point:
E8, 48, 84, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B, 4C...

Entropy:
7.9647  (probably packed)

Code size:
281 KB (287,744 bytes)
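The fields under File PE Metadata are read straight out of the executable's headers, and the hashes and the entropy figure are computed over the whole file. The Python script below is an added example, not the report's or Reason Core Security's code: it recomputes those values so a local copy of a sample can be checked against the report. It verifies MD5/SHA-1/SHA-256 against the digests listed above, computes Shannon entropy (the number behind "probably packed"), and parses the COFF and optional headers for the compilation timestamp, linker version, OS version, subsystem, entry-point RVA and the first bytes at the entry point. The PE image built by build_sample_pe() is a synthetic stand-in constructed here with the report's header values; it is not ddzip.exe, so its hashes will not match. Point parse_pe(), shannon_entropy() and hashes_match() at the real file's bytes to verify an actual sample.

```python
"""Recompute the file-derived fields of a scan report entry (added example,
not code from the report's publisher). Hashes, the Shannon entropy behind
"probably packed", and the "File PE Metadata" fields are read straight from
the bytes with the standard library; the PE image that build_sample_pe()
constructs is a synthetic stand-in carrying the report's header values, NOT ddzip.exe."""
import hashlib
import math
import struct
from datetime import datetime, timezone

# Digests the report lists for ddzip.exe (copied from the page above).
REPORTED_HASHES = {
    "md5": "c32800e092c69cf9ad4229973d26e0cd",
    "sha1": "59e1633aba08caba02b8dbdcecc1cd63c0beaa8e",
    "sha256": "3726151b82e59a219cb6a213b9c8d36a05e03c83e6d9aa56f26052a5523354ec",
}
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}

def file_hashes(data: bytes) -> dict:
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}

def hashes_match(data: bytes, expected: dict = REPORTED_HASHES) -> dict:
    """True per algorithm when data's digest equals the reported one."""
    actual = file_hashes(data)
    return {alg: actual[alg] == expected[alg].lower() for alg in expected}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0..8; values near 8 are what scanners label 'probably packed'."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def rva_to_offset(sections, rva):
    # sections: (VirtualAddress, size, PointerToRawData) triples from the section table
    for va, size, rawptr in sections:
        if va <= rva < va + size:
            return rva - va + rawptr
    return None

def parse_pe(data: bytes) -> dict:
    """Read the header fields a report shows under 'File PE Metadata'."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    pe = struct.unpack_from("<I", data, 0x3C)[0]                    # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = pe + 4
    _machine, nsect, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                                                 # optional header
    magic, lnk_major, lnk_minor, code_size = struct.unpack_from("<HBBI", data, opt)
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]         # AddressOfEntryPoint
    # OS version (+40) and Subsystem (+68) sit at the same offsets in PE32 and PE32+.
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    sections = []
    for i in range(nsect):                                          # section table
        _name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append((va, max(vsize, rawsize), rawptr))
    off = rva_to_offset(sections, entry_rva)
    return {
        "bitness": "Win64" if magic == 0x20B else "Win32",
        "compile_time": datetime.fromtimestamp(stamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC"),
        "linker": f"{lnk_major}.{lnk_minor}",
        "os_version": f"{os_major}.{os_minor}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "code_size": code_size,
        "entry_rva": entry_rva,
        "entry_bytes": data[off:off + 16] if off is not None else b"",
    }

def build_sample_pe() -> bytes:
    """Synthetic PE32 carrying the report's header values (constructed here for
    the demo; it is not ddzip.exe, so its hashes will not match the report)."""
    stamp = int(datetime(2015, 4, 2, 14, 53, 16, tzinfo=timezone.utc).timestamp())
    img = bytearray(0x2000)
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)                         # e_lfanew
    img[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", img, 0x84, 0x14C, 1, stamp, 0, 0, 224, 0x102)
    opt = 0x84 + 20
    struct.pack_into("<HBBI", img, opt, 0x10B, 11, 0, 287744)       # PE32, linker 11.0
    struct.pack_into("<I", img, opt + 16, 0x1BC88)                  # entry RVA from the report
    struct.pack_into("<HH", img, opt + 40, 5, 1)                    # OS version 5.1
    struct.pack_into("<H", img, opt + 68, 2)                        # Windows GUI
    # One .text section: RVA 0x1B000, 0x1000 bytes, raw data at file offset 0x400.
    struct.pack_into("<8sIIII", img, opt + 224, b".text", 0x1000, 0x1B000, 0x1000, 0x400)
    entry_off = 0x400 + (0x1BC88 - 0x1B000)
    img[entry_off:entry_off + 10] = bytes.fromhex("E8 48 84 00 00 E9 7F FE FF FF")
    return bytes(img)

if __name__ == "__main__":
    sample = build_sample_pe()
    print(parse_pe(sample))
    print("entropy:", round(shannon_entropy(sample), 4), "hashes match:", hashes_match(sample))
```

Entropy here is computed over the whole file, as scanners usually do when they print a single figure; a whole-file value above roughly 7.2 bits per byte is a common packing heuristic, and the 7.9647 shown above is close to the 8.0 ceiling. The compilation timestamp is a plain 32-bit epoch value that the linker writes and that a builder can set to anything, so treat it as a hint rather than evidence; the "Copyright (C) 1998" string in the version resource is the same kind of self-reported field.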

The file ddzip.exe has been seen being distributed by the following 2 URLs.

http://113.171.224.173/.../ddzip.exe

Remove ddzip.exe - Powered by Reason Core Security