What is “Rodecap.Trojan.Downloader.DDS”?

The Rodecap.Trojan.Downloader.DDS is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Rodecap.Trojan.Downloader.DDS virus can do?

Drops a binary and executes it
Authenticode signature is invalid
Anomalous binary characteristics

How to determine Rodecap.Trojan.Downloader.DDS?


File Info:
name: 75A9CA5FD54A9DAB06E7.mlw
path: /opt/CAPEv2/storage/binaries/661f97de5779920c9d49148bcf909c39b699ad79caf79df3732ac7e47f68fbbe
crc32: 6B59404E
md5: 75a9ca5fd54a9dab06e7eaa2e755e6a9
sha1: f3c84de26da4d37cea0d5a66b2790acd3ed1bfb1
sha256: 661f97de5779920c9d49148bcf909c39b699ad79caf79df3732ac7e47f68fbbe
sha512: e136a891e180a251eebc4652552d791dbe69777f7624d94461992ab2e904fcf126156e99a53ec293d44987c1105962c40330615d1af7931ff7b3804f510534b4
ssdeep: 6144:ZqCzjMy8lMNdnKIjH+gQyOHcfbdDOsZcZLGMd06IjDp:kCzYy8lMNdnKIjHa8ZDOsZcZLG7Dp
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1B5947C09FA8AF131C1131AB42E2BE71E4576B69617310EC7F7C49D2D8E612D29B3934E
sha3_384: 1d6edd1fc64c723a10e7362bcacda2d9fd4dd95eae44e47dde13ddf6a4613ba84f8c0d892f67f6fc52c9fe8f8181e14e
ep_bytes: e885920000e978feffffcccccccccccc
timestamp: 2012-11-26 15:32:38

Version Info:
Comments:                                                                                                                                                                                                                                                                    
CompanyName: Microsoft Corporation
FileDescription: Extensible Storage Engine Utilities for Microsoft(R) Windows(R)
FileVersion: 6.1.7600.16385
InternalName: esentutl.exe
LegalCopyright: ﾩ Microsoft Corporation. All rights reserved.
LegalTrademarks: ﾩ Microsoft Corporation. All rights reserved.
OriginalFilename: esentutl.exe
PrivateBuild: esentutl.exe
ProductName: Microsoftﾮ Windowsﾮ Operating System
ProductVersion: 6.1.7600.16385
SpecialBuild: 6.1.7600.16385
Translation: 0x0409 0x04b0

Rodecap.Trojan.Downloader.DDS also known as:

Bkav	W32.AIDetectMalware
Lionic	Trojan.Win32.Generic.lIu1
Elastic	malicious (high confidence)
MicroWorld-eScan	Gen:Trojan.Malware.Au0@aie4DTdi
ClamAV	Win.Malware.Rodecap-9890056-0
FireEye	Generic.mg.75a9ca5fd54a9dab
CAT-QuickHeal	Trojan.Small.gen
McAfee	Downloader-FIK!75A9CA5FD54A
Cylance	unsafe
Zillya	Trojan.Rodecap.Win32.1613
Sangfor	Trojan.Win32.Save.a
K7AntiVirus	Trojan ( 0040f0da1 )
Alibaba	Malware:Win32/km_2c5e0.None
K7GW	Trojan ( 0040f0da1 )
Cybereason	malicious.fd54a9
BitDefenderTheta	Gen:NN.ZexaF.36350.Au0@aie4DTdi
VirIT	Trojan.Win32.DownLoader7.BYVT
Cyren	W32/SmallDl.F.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
tehtris	Generic.Malware
ESET-NOD32	a variant of Win32/Rodecap.AZ
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	HEUR:Trojan.Win32.Generic
BitDefender	Gen:Trojan.Malware.Au0@aie4DTdi
NANO-Antivirus	Trojan.Win32.Small.btvxkz
Avast	Win32:Rodecap-G [Cryp]
Tencent	Malware.Win32.Gencirc.10b2e51a
Emsisoft	Gen:Trojan.Malware.Au0@aie4DTdi (B)
F-Secure	Trojan.TR/Dldr.Small.87723
DrWeb	Trojan.DownLoader7.34365
VIPRE	Gen:Trojan.Malware.Au0@aie4DTdi
TrendMicro	TROJ_AGENT_056732.TOMB
McAfee-GW-Edition	BehavesLike.Win32.Generic.gh
Sophos	Mal/Qbot-P
Ikarus	Virus.Win32.Cryptor
GData	Gen:Trojan.Malware.Au0@aie4DTdi
Jiangmin	Trojan/Generic.apwlc
Webroot	W32.Rogue.Gen
Avira	TR/Dldr.Small.87723
MAX	malware (ai score=100)
Antiy-AVL	Trojan/Win32.Unknown
Xcitium	TrojWare.Win32.Agent.AWR@4ri3wg
Arcabit	Trojan.Malware.EF9AE7
ZoneAlarm	HEUR:Trojan.Win32.Generic
Microsoft	Trojan:Win32/Small.BH
Google	Detected
AhnLab-V3	Trojan/Win32.Small.R46937
Acronis	suspicious
VBA32	BScope.Trojan.Downloader
ALYac	Gen:Trojan.Malware.Au0@aie4DTdi
TACHYON	Trojan/W32.Agent.435200.FX
Malwarebytes	Rodecap.Trojan.Downloader.DDS
Panda	Trj/Genetic.gen
TrendMicro-HouseCall	TROJ_AGENT_056732.TOMB
Rising	Trojan.Rodecap!1.AEDF (CLASSIC)
Yandex	Trojan.GenAsa!BMy+oolf+zU
SentinelOne	Static AI – Suspicious PE
Fortinet	W32/Rodecap.BA!tr
AVG	Win32:Rodecap-G [Cryp]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (W)

How to remove Rodecap.Trojan.Downloader.DDS?

Rodecap.Trojan.Downloader.DDS removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X