Crypt.Trojan.Malicious.DDS removal

Crypt.Trojan.Malicious.DDS is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It lets you run a complete scan and cure your PC during the trial period.
6-day free trial available.

What can the Crypt.Trojan.Malicious.DDS virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • Unconventional binary language: Chinese (Simplified)
  • Unconventional language used in binary resources: Chinese (Simplified)
  • The binary likely contains encrypted or compressed data.
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Checks for the presence of known windows from debuggers and forensic tools
  • Checks for the presence of known devices from debuggers and forensic tools
  • Checks the version of Bios, possibly for anti-virtualization
  • Deletes executed files from disk
  • Detected Armadillo packer using a known mutex
  • Detected Armadillo packer using a known registry key
  • Collects information to fingerprint the system

How to identify Crypt.Trojan.Malicious.DDS?


File Info:

name: 0D9CFBA23280027E43A1.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2004-08-04 06:01:37

Version Info:

CompanyName: Microsoft Corporation
FileDescription: Win32 Cabinet Self-Extractor
FileVersion: 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
InternalName: Wextract
LegalCopyright: (C) Microsoft Corporation. All rights reserved.
OriginalFilename: WEXTRACT.EXE
ProductName: Microsoft(R) Windows(R) Operating System
ProductVersion: 6.00.2900.2180
Translation: 0x0804 0x04b0

Crypt.Trojan.Malicious.DDS also known as:

Elastic: malicious (high confidence)
MicroWorld-eScan: Gen:Variant.Tedy.84360
FireEye: Generic.mg.0d9cfba23280027e
CAT-QuickHeal: TrojanPWS.QQRob
McAfee: Artemis!0D9CFBA23280
Cylance: unsafe
Sangfor: Suspicious.Win32.Save.ins
K7AntiVirus: Trojan ( f1000a011 )
K7GW: Trojan ( f1000a011 )
CrowdStrike: win/malicious_confidence_100% (D)
Cyren: W32/Backdoor.XSAZ-0226
Symantec: ML.Attribute.HighConfidence
ESET-NOD32: multiple detections
APEX: Malicious
ClamAV: Win.Trojan.Graybird-7
Kaspersky: Backdoor.Win32.Hupigon.omm
BitDefender: Gen:Variant.Tedy.84360
NANO-Antivirus: Trojan.Win32.Hupigon.bcfqmy
Avast: Win32:Hupigon-DKF [Trj]
Emsisoft: Gen:Variant.Tedy.84360 (B)
F-Secure: Backdoor.BDS/Hupigon.Gen
DrWeb: BackDoor.TTY.41
VIPRE: Gen:Variant.Tedy.84360
TrendMicro: Mal_HPGN-1
McAfee-GW-Edition: BackDoor-AWQ
Trapmine: malicious.high.ml.score
Sophos: Mal/Generic-S
Ikarus: Trojan-PSW.QQRob
GData: Gen:Trojan.Heur.sWX@rvrFd3hb (2x)
Jiangmin: Trojan/PSW.Alaqq.hf
Google: Detected
Avira: TR/Dropper.Gen
Antiy-AVL: Trojan/Win32.Mepaow
Xcitium: TrojWare.Win32.PSW.QQRob.EJ@4it9
Arcabit: Trojan.Tedy.D14988 [many]
ZoneAlarm: Backdoor.Win32.Hupigon.omm
Microsoft: Trojan:Win32/Ditertag.A
Cynet: Malicious (score: 99)
ALYac: Gen:Trojan.Heur.sWX@rvrFd3hb
MAX: malware (ai score=85)
VBA32: Trojan.Wacatac
Malwarebytes: Crypt.Trojan.Malicious.DDS
TrendMicro-HouseCall: Mal_HPGN-1
Rising: Trojan.PSW.QQRobber.adf (CLASSIC)
Yandex: Backdoor.Hupigon!Jqhu4AoBHZI
TACHYON: Backdoor/W32.Hupigon.761856.JY
MaxSecure: Trojan.Malware.300983.susgen
Fortinet: W32/GrayBr.EHC!tr.bdr
AVG: Win32:Hupigon-DKF [Trj]
Cybereason: malicious.232800

How to remove Crypt.Trojan.Malicious.DDS?

Crypt.Trojan.Malicious.DDS removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.