» TDSSKiller.exe
Overview
Analysis
File Details
Downloads (43)

TDSSKiller.exe

TDSSKiller

Kaspersky Lab

This is a setup program which is used to install the application. The file has been seen being downloaded from download1395.mediafire.com and multiple other hosts.

File name:

TDSSKiller.exe

Publisher:

Kaspersky Lab ZAO (signed by Kaspersky Lab)

Product:

TDSSKiller

Description:

TDSS rootkit removing tool

Version:

3.1.0.9

MD5:

8af92d125efc48d4a4f0140777aa2fd4

SHA-1:

60ee6e405f5a88fb9b9c8256b350964625c55242

SHA-256:

71fab17a59b474e6ff3a8c5fb9b46cadfc6226c6a100c84944cbc7ccda151075

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/27/2024 1:59:02 AM UTC (today)

File size:

4.5 MB (4,727,984 bytes)

Product version:

3.1.0.9

Trademarks:

Kaspersky™ Anti-Virus ® is registered trademark of Kaspersky Lab ZAO.

Original file name:

TDSSKiller.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\tdsskiller.exe

Digital Signature

Signed by:

Kaspersky Lab

Authority:

DigiCert Inc

Valid from:

5/28/2015 3:00:00 AM

Valid to:

12/30/2015 2:00:00 PM

Subject:

CN=Kaspersky Lab, O=Kaspersky Lab, L=Moscow, S=Moscow City, C=RU

Issuer:

CN=DigiCert High Assurance Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:

0916825462BEA15594450E897E8D3AE6

File PE Metadata

Compilation timestamp:

12/11/2015 8:13:14 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

14.0

CTPH (ssdeep):

98304:ZdKzSF0IcjLaaDJPPG1sUDHAZIfauUDAlIBlH:vKzEB0ueJXGftzUDAlW5

Entry address:

0x3200

Entry point:

E8, 49, 04, 00, 00, E9, 78, FE, FF, FF, 55, 8B, EC, FF, 75, 08, E8, 9C, FD, FF, FF, 59, 5D, C3, CC, CC, CC, CC, CC, CC, CC, CC, 55, 8B, EC, F6, 45, 08, 01, 56, 8B, F1, C7, 06, 54, 43, 41, 00, 74, 0A, 6A, 0C, 56, E8, D0, FF, FF, FF, 59, 59, 8B, C6, 5E, 5D, C2, 04, 00, 55, 8B, EC, 6A, 00, FF, 15, 7C, 40, 41, 00, FF, 75, 08, FF, 15, 78, 40, 41, 00, 68, 09, 04, 00, C0, FF, 15, 64, 40, 41, 00, 50, FF, 15, 80, 40, 41, 00, 5D, C3, 55, 8B, EC, 81, EC, 24, 03, 00, 00, 6A, 17, E8, D1, F5, 00, 00, 85, C0, 74, 05, 6A... 
[+]

Code size:

74 KB (75,776 bytes)

The file TDSSKiller.exe has been seen being distributed by the following 43 URLs.

http://download1395.mediafire.com/xhnqdyt2brcg/.../tdsskiller.exe

https://mega.nz/persistent/.../Yt4kWIpY

http://www.techspot.com/downloads/downloadnow/.../?evp=e1dbf38fc832a3d574868dc938cd42ce&file=1

http://filehippo.com/download/file/.../

http://download1763.mediafire.com/86h9w55eqrwg/.../tdsskiller.exe

http://filehippo.com/download/file/.../

http://www.majorgeeks.com/index.php?ct=files&action=download&PHPSESSID=h8mkuuj66h96i4c4s38dkvoq33

https://dl-web.dropbox.com/.../tdsskiller.exe

http://download1587.mediafire.com/u8u3145hclcg/.../tdsskiller.exe

http://gslink.us/tdsskiller

https://mega.nz/temporary/.../Yt4kWIpY

&onid=2239&oid=3001-2239_4-75722087&rsid=cbsidownloadcomsite&sl=en&sc=us&topicguid=security/antivirus&topicbrcrm=&pid=14491178&mfgid=69625&merid=69625&ctype=dm&cval=NONE&devicetype=desktop&pguid=e5b5670d5428946bafd59ad3&viewguid=cfrADdF2eOiAGP2TA8gbNmtDNyJSTUoFfNeh&destUrl=http://files.downloadnow.com/s/software/14/49/11/.../tdsskiller.exe

http://reservoir.marketstudio.net/reservoir?t=affiliate&p=digitalriver&d=http://files1.majorgeeks.com/1f6a5655478c2f55c9c37207e46a6415/.../tdsskiller.exe

http://filehippo.com/download/file/.../

https://download.fosshub.com/Protected/expiretime=1461355308;badurl=aHR0cDovL3d3dy5mb3NzaHViLmNvbS9URFNTS2lsbGVyLmh0bWw=/e2c7824295b1982b7c6f791a9efb3d092a0079c9167093cd62feb16b207e10c5/.../tdsskiller.exe

http://filehippo.com/download/file/.../

http://indir.gezginler.net/i/19463/.../

http://www.windoctor.it/?wpdmdl=32

http://filehippo.com/download/file/.../

http://dl1.filehippo.com/.../tdsskiller.exe

http://reservoir.marketstudio.net/reservoir?t=affiliate&p=digitalriver&d=http://files1.majorgeeks.com/c5cc17e395d3049b03e0f1ccebb02b4d/.../tdsskiller.exe

http://www.infospyware.com/.../click.php?id=22

http://aalos1nas01:5000/.../tdsskiller.exe

https://download.fosshub.com/Protected/expiretime=1451921742;badurl=aHR0cDovL3d3dy5mb3NzaHViLmNvbS9URFNTS2lsbGVyLmh0bWw=/44bd6279721d93df768dabd57742d4472c3d4a3bccb5e5fcf1b06c0e53cba45d/.../tdsskiller.exe

http://192.168.0.3/.../09._Tdsskiller.exe

http://filehippo.com/download/file/.../

http://gslink.us/tdss

http://indir.gezginler.net/i/19463/.../

Latest 30 of 43 download URLs

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.