DVRemoteDesktop.exe

DVR Remote Desktop

This is a setup program used to install the application. The file has been observed being downloaded from taco4.ddns.net and multiple other hosts.
Product:
DVR Remote Desktop

Version:
2,1,0,17

MD5:
06ce10d98538b69a990e6491bbec145e

SHA-1:
9c0033d9d89e802a83275352c4b2ab64e4a93cd0

SHA-256:
6d2a52e5434778d3f064aab18bff9a4d625d7c0fc1774a6dda0e0567d86d17e8

Scanner detections:
1 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
12/26/2024 3:37:51 AM UTC

Scan engine:
Zillya! Antivirus

Detection:
Trojan.Genome.Win32.248264

Engine version:
2.0.0.1821

File size:
82.5 KB (84,480 bytes)

Product version:
2,1,0,17

Copyright:
Copyright (C) 2009

Original file name:
DVRemoteDesktop.exe

File type:
Executable application (Win32 EXE)

Language:
English

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\dvremotedesktop.exe

File PE Metadata
Compilation timestamp:
1/3/2011 9:55:18 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
1536:WKm8juGRaKuxyMkkkGon6eLQ5jrHSC+6DKmYhz3W:WAnfnY+o5jrvDKhhzW

Entry address:
0x2CB0

Entry point:
E8, 07, 21, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 28, EE, 40, 00, 89, 0D, 24, EE, 40, 00, 89, 15, 20, EE, 40, 00, 89, 1D, 1C, EE, 40, 00, 89, 35, 18, EE, 40, 00, 89, 3D, 14, EE, 40, 00, 66, 8C, 15, 40, EE, 40, 00, 66, 8C, 0D, 34, EE, 40, 00, 66, 8C, 1D, 10, EE, 40, 00, 66, 8C, 05, 0C, EE, 40, 00, 66, 8C, 25, 08, EE, 40, 00, 66, 8C, 2D, 04, EE, 40, 00, 9C, 8F, 05, 38, EE, 40, 00, 8B, 45, 00, A3, 2C, EE, 40, 00, 8B, 45, 04, A3, 30, EE, 40, 00, 8D, 45, 08, A3, 3C, EE, 40...
 

Code size:
33 KB (33,792 bytes)

The file DVRemoteDesktop.exe has been seen being distributed by the following 28 URLs.


Scan DVRemoteDesktop.exe - Powered by Reason Core Security