» ffdshow.exe
Overview
Analysis
File Details
Programs (1)
Downloads (11)

ffdshow.exe

ffdshow

This is a self-extracting archive and installer. The file has been seen being downloaded from indir.gezginler.net and multiple other hosts.

File name:

ffdshow.exe

Publisher:

ffdshow

Product:

ffdshow

Description:

ffdshow Setup

Version:

1.2.4422.0

MD5:

b3b27b0ad4ac60a6ce986d244a9214b4

SHA-1:

735fe1ef90fdc6acbdd0d3671ed21bb0cccca84b

SHA-256:

bb604a873f8129dfd20af98439b8e63a504d8ca005eca2cf130b471cad05d69e

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/23/2024 6:18:50 AM UTC (today)

File size:

4.5 MB (4,765,753 bytes)

Product version:

1.2.4422.0

GNU

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\ffdshow.exe

File PE Metadata

Compilation timestamp:

12/20/2011 6:16:50 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

98304:IyQT1dK/KJlirxs2TbkKykHMARBZF9F/GWdWQmAYu1ZlWApa1ORkn1fWJ:2T/Zexsio9ksAhHF/bPpTQcRkn1W

Entry address:

0x16478

Entry point:

55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, B0, 52, 41, 00, E8, AC, 03, FF, FF, 33, C0, 55, 68, 45, 6B, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 01, 6B, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, AB, 41, 00, E8, 4E, EC, FF, FF, E8, F5, E7, FF, FF, 8D, 55, EC, 33, C0, E8, 7F, 84, FF, FF, 8B, 55, EC, B8, AC, D6, 41, 00, E8, E2, E9, FE, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, AC, D6, 41, 00, B2, 01... 
[+]

Entropy:

7.9921

Developed / compiled with:

Microsoft Visual C++

Code size:

84 KB (86,016 bytes)

The file ffdshow.exe has been discovered within the following program.

HDVidCodec by Bandoo Media Inc

HDVidCodec bundles various adware software during installation including the SweetIM toolbar (which modifies web browser settings such as search).

www.hdvidcodec.com

43% remove it

The file ffdshow.exe has been seen being distributed by the following 11 URLs.

http://indir.gezginler.net/i/4097/.../

http://netcologne.dl.sourceforge.net/project/ffdshow-tryout/Official releases/.../ffdshow_rev4422_20120409.exe

http://www.titrari.ro/getfile.php?filename=ffdshow_rev4422_20120409.exe

http://downloads.sourceforge.net/project/ffdshow-tryout/Official releases/.../ffdshow_rev4422_20120409.exe

http://www.afterdawn.com/software/.../download.cfm?version_id=45825&software_id=446&mirror_id=0&installer=0&perion=0&air_installer=0

http://aarnet.dl.sourceforge.net/project/ffdshow-tryout/Official releases/.../ffdshow_rev4422_20120409.exe

http://freefr.dl.sourceforge.net/project/ffdshow-tryout/Official releases/.../ffdshow_rev4422_20120409.exe

http://www.videohelp.com/.../ffdshow_rev4422_20120409.exe

http://citylan.dl.sourceforge.net/project/ffdshow-tryout/Official releases/.../ffdshow_rev4422_20120409.exe

http://www.jdobbs.net/.../ffdshow_rev4422_20120409.exe

http://d2qsma9t6l5kt7.cloudfront.net/.../ffdshow.exe

Scan ffdshow.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.