We checked up the file DDSPLAY.EXE and found it hazardous.
The file DDSPLAY.EXE must be deleted from the system immediately.
Kill the process DDSPLAY.EXE and remove DDSPLAY.EXE from the Windows startup.
Malware Analysis of DDSPLAY.EXE
Full path on a computer: %SysDir%\ddsplay.exe
Detected by UnHackMe:
DDSPLAY.EXE
Default location: %SysDir%\ddsplay.exe
Removal Results: Success
Number of reboot: 1
DDSPLAY.EXE is known as:
Trojan.Malagent, Downloader.a.csf, Adware.Kraddare, Trojan.Downloader.VB.pxy, Trojan.VB2.bbrryu, Trojan.DL.VB.LpHXvJs5h9g, Trojan.Downloader.AMN (A), Trojan.DownLoader6.50840, a variant of Win32.TrojanDownloader.VB.PXY, Trojan-Downloader.VB, W32.VB.PXY.tr.dldr, Downloader.VB.ACUC
DDSPLAY.EXE hash:
- MD5: b06e21581e528017fcbf13ec25fa753d
The file is used for downloading and installing other malware, Trojans, viruses by the commands received from the Command Center.
How to quickly detect DDSPLAY.EXE presence?
![]( "Registry")
Registry:
![]( "Files")
Files:
Registry:- HKLM\Software\Microsoft\Windows\CurrentVersion\Run\MainPro: “%SysDir%\adropen.exe”
- HKLM\Software\Microsoft\Windows\CurrentVersion\Run\OpenApi: “%SysDir%\adropen.exe”
- HKLM\Software\Microsoft\Windows\CurrentVersion\Run\PlaySys: “%SysDir%\ddsplay.exe”
Files:- %Temp%\~DF33AC.tmp
- %Temp%\~DF37CD.tmp
- %Temp%\~DF59D8.tmp
- %Temp%\~DF59DE.tmp
- %Temp%\~DF59E3.tmp
- %Temp%\~DFE3E0.tmp
- %SysDir%\adropen.exe
- %SysDir%\ddsplay.exe
- %SysDir%\mdamand.exe