TDSSKiller.exe

TDSSKiller

Kaspersky Lab

This is a setup program which is used to install the application. The file has been seen being downloaded from dw.html.it and multiple other hosts.
Publisher:
Kaspersky Lab ZAO  (signed by Kaspersky Lab)

Product:
TDSSKiller

Description:
TDSS rootkit removing tool

Version:
3.1.0.6

MD5:
c2edfc067b2a3c169512bac9794409aa

SHA-1:
848af9e786b74eb39b8f31fcf1137225824bde2c

SHA-256:
7857aadcb9fe0b066da3dccc9d587c603837e231757f28e08c8056ee9b598740

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/25/2024 6:42:31 PM UTC

File size:
4.2 MB (4,397,752 bytes)

Product version:
3.1.0.6

Copyright:
© 1997-2015 Kaspersky Lab ZAO.

Trademarks:
Kaspersky™ Anti-Virus ® is registered trademark of Kaspersky Lab ZAO.

Original file name:
TDSSKiller.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\tdsskiller.exe

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
10/26/2014 7:00:00 PM

Valid to:
11/3/2017 7:00:00 AM

Subject:
CN=Kaspersky Lab, O=Kaspersky Lab, L=Moscow, S=Moscow City, C=RU, PostalCode=125212, STREET=39A/3 Leningradskoe shosse, SERIALNUMBER=1027739867473, OID.1.3.6.1.4.1.311.60.2.1.2=Moscow, OID.1.3.6.1.4.1.311.60.2.1.3=RU, OID.2.5.4.15=Private Organization

Issuer:
CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0D0C681CE3699DB3F3234F70A5CDD362

File PE Metadata
Compilation timestamp:
11/16/2015 3:17:48 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
98304:iHJpWgpaJJIYnvC+5CzzdpnKWpKVgzB+jV7MZKjEoDZ:ippWgoJJIYR5CHdY7Vj9MZSEmZ

Entry address:
0x8933E0

Entry point:
50, 9C, 60, E8, 0C, 01, 00, 00, 01, 00, 00, 00, 00, 00, 40, 00, 00, 00, 00, 00, E0, 33, 89, 00, 6C, 20, 42, 00, 4C, 33, 89, 00, 91, 00, 00, 00, 98, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 10, C9, 88, 00, 98, 21, 89, 00, 1C, 25, 89, 00, 0C, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 50, 45, 00, 6C, 20, 42, 00, 00, 7C, 43, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
7.9977  (probably packed)

Code size:
4.2 MB (4,423,680 bytes)

The file TDSSKiller.exe has been seen being distributed by the following 8 URLs.

http://dw.html.it/index.php?softname=tdsskiller_3.1.0.6.exe&code=1448810784&q=OTQyNzJ8a2FzcGVyc2t5LXRkc3NraWxsZXItMTk=

http://www.majorgeeks.com/index.php?ct=files&action=download&

http://sb/.../09.#Tdsskiller.exe