The file DDXL.EXE is a computer worm.
The worm DDXL.EXE is a self-replicating malicious program,
which uses a computer network to send copies of itself to other computers.
You must fix the DDXL.EXE problem as soon as possible!
Delete the file DDXL.EXE from all infected computers in your network.
Set up your network firewall against DDXL.EXE intervention.
Malware Analysis of DDXL.EXE
Full path on a computer: %SysDir%\Sys32\DDXL.exe
Detected by UnHackMe:
DDXL.EXE
Default location: %SysDir%\Sys32\DDXL.exe
Removal Results: Success
Number of reboot: 1
DDXL.EXE is known as:
Keylogger.Ardamax.GL, Keylog-Ardamax, Trojan.Spy.Ardamax.h, W32.Trojan.AMTB, Spyware.Ardakey, W32.Obfuscated.C2.genr, ADSPYDropper.A, Trojan.Spy.Ardamax-27, Trojan-Spy.Ardamax.h, TrojanSpy.Ardamax.sEUfoidd+2A, Keylogger.Ardamax, Spyware.Ardamax.GL (B), Application.Monitor.Ardamax.~OI, SPR.Tool.Ardamax.207, Ardamax, TrojanSpy.Ardamax.nt, Troj.Ardamax.h.(kcloud), MonitoringTool.Ardamax, Trojan.A.Ardamax.487936, Trojan.Xema, 49575, Win32.KeyLogger.Ardamax, Virus.Ardamax.CI, Malware_fam.gw
DDXL.EXE hash:
- MD5: ef52b540cb404d908338e9cbf7cff283
Registry:- HKLM\Software\Microsoft\Windows\CurrentVersion\Run\DDXL Agent: “%SysDir%\Sys32\DDXL.exe”
Folders:- %SysDir%\Sys32
Files:- %Temp%\@2.tmp
- %SysDir%\Sys32\AKV.exe
- %SysDir%\Sys32\DDXL.001
- %SysDir%\Sys32\DDXL.006
- %SysDir%\Sys32\DDXL.007
- %SysDir%\Sys32\DDXL.exe