home

DVRemoteDesktop.exe

DVR Remote Desktop

It runs as a scheduled task under the Windows Task Scheduler. The file has been seen being downloaded from menghome.dyndns.info and multiple other hosts.
Product:
DVR Remote Desktop

Version:
2,1,0,14

MD5:
4e97bd289d3f94b8af2af9d6aefb2e0c

SHA-1:
28bcadff5818078f500da368d4737f43ec757f9b

SHA-256:
9156eecab9efc5f27b385d8989e6482bbf2cc706817c13cf5eda0fe133dd567d

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/24/2024 4:26:22 AM UTC  (today)

File size:
82 KB (83,968 bytes)

Product version:
2,1,0,14

Copyright:
Copyright (C) 2009

Original file name:
DVRemoteDesktop.exe

File type:
Executable application (Win32 EXE)

Language:
English

File PE Metadata
Compilation timestamp:
11/25/2009 4:03:59 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
1536:oKc57WYGRpnGovPkR02n6eLA5jrMSC+6DKmYIzLYFs2:oJWdJdo0QI5jroDKhIvg

Entry address:
0x2C70

Entry point:
E8, 07, 21, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 28, EE, 40, 00, 89, 0D, 24, EE, 40, 00, 89, 15, 20, EE, 40, 00, 89, 1D, 1C, EE, 40, 00, 89, 35, 18, EE, 40, 00, 89, 3D, 14, EE, 40, 00, 66, 8C, 15, 40, EE, 40, 00, 66, 8C, 0D, 34, EE, 40, 00, 66, 8C, 1D, 10, EE, 40, 00, 66, 8C, 05, 0C, EE, 40, 00, 66, 8C, 25, 08, EE, 40, 00, 66, 8C, 2D, 04, EE, 40, 00, 9C, 8F, 05, 38, EE, 40, 00, 8B, 45, 00, A3, 2C, EE, 40, 00, 8B, 45, 04, A3, 30, EE, 40, 00, 8D, 45, 08, A3, 3C, EE, 40...
 
[+]

Entropy:
6.1185

Code size:
32.5 KB (33,280 bytes)

Scheduled Task
Task name:
{6345B39D-07F9-49E4-AAE6-E7FCE75BD713}

Trigger:
Registration (Runs on registration)


The file DVRemoteDesktop.exe has been seen being distributed by the following 28 URLs.

http://menghome.dyndns.info:81/DVRemoteDesktop.exe

http://192.168.0.167/DVRemoteDesktop.exe

http://10.105.1.102/DVRemoteDesktop.exe

http://89.25.238.113:8088/DVRemoteDesktop.exe

http://5.2.201.92:86/DVRemoteDesktop.exe

http://10.10.1.15/DVRemoteDesktop.exe

http://hergashiv.dyndns.org/DVRemoteDesktop.exe

http://192.168.3.164/DVRemoteDesktop.exe

http://192.168.1.55/DVRemoteDesktop.exe

http://gadspot.com/.../DVRemoteDesktop.exe

http://camera.mamnonhoacuong.edu.vn/DVRemoteDesktop.exe

http://192.168.1.13/DVRemoteDesktop.exe

http://carla2015.no-ip.org/DVRemoteDesktop.exe

http://114.34.37.31/DVRemoteDesktop.exe

http://10.48.19.84/DVRemoteDesktop.exe

http://futurecctv.no-ip.org/DVRemoteDesktop.exe

http://192.168.1.100:81/DVRemoteDesktop.exe

http://109.207.151.61:100/DVRemoteDesktop.exe

http://truongthanhtam.dyndns.info:81/DVRemoteDesktop.exe

http://192.168.1.38/DVRemoteDesktop.exe

http://abgpr1.fujikocctv.com:81/DVRemoteDesktop.exe

http://mnmaiflower.dyndns.org/DVRemoteDesktop.exe

http://188.76.41.49:90/DVRemoteDesktop.exe

http://192.168.1.100:5000/DVRemoteDesktop.exe

http://192.168.1.254:81/DVRemoteDesktop.exe

http://192.168.1.190:90/DVRemoteDesktop.exe

http://24.52.84.96:100/DVRemoteDesktop.exe

http://95.226.231.227:9000/DVRemoteDesktop.exe

Scan DVRemoteDesktop.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.