Gridinsoft Logo
File Icon

LDPlayer - Android-Emulator - CHIP Installer _DjBuv.exe PUP Downloader Analysis

Updated 5 months ago
Checked by Malware Check
LDPlayer - Android-Emulator - CHIP Installer _DjBuv.exe

Technical Analysis

File Name LDPlayer - Android-Emulator - CHIP Installer _DjBuv.exe
File Type
PE32+ executable (GUI) x86-64, for MS Windows
Scanner Version 1.0.203.174
Database Version 2025-01-09 15:00:28 UTC

PUP.Win64.Downloader.dd!c

Malware family: Downloader

Downloader Trojans specialize in retrieving and installing additional malware payloads. Unlike comprehensive malware, they focus specifically on payload delivery rather than direct system damage.
N/A
Detection Rate
5,331,520
File Size (bytes)
2025-01-09
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
f5980f17f44da870072c5ce396eb01bf
SHA1
22ce208acb16875cdd9d42a794557a56068220c2
SHA256
2f9079df89e96a997a910f9243173ac60bfe625501452152f8ab281778e5696b
SHA512
f30c2029f7b85c7959385f64627d2443e9e76b8a025a02aa2619f0758dbdd0e00f2b0464a8af5a4607be1bff006d24f677d548bac0e755f880f7207a6e465037
ImpHash
9a3ae152609425957e9b2d8f50b872a5

PE Analysis

Basic Information

Icon
Hash: 97551831a5371607095f2b34e33eeeac
Fuzzy: 13ac216669c1ffa8cbc8fa3404f0151d
dHash: 96e8ccccccd8e48e
Image Base 0x00400000
Entry Point 0x007f8020
Compilation Time 2022-04-16 09:34:08
Checksum 0x00522532 (Actual: 0x00522532)
OS Version 5.2
PEiD Signatures PE32+ executable (GUI) x86-64, for MS Windows
Digital Signature OK
Imports 14 libraries
Exports 3 functions
Resources 97 Resources
Sections 11 Sections

Version Information

CompanyName CHIP Digital GmbH
FileDescription CHIP Secured Installer
FileVersion 1.0.100.6
LegalCopyright Copyright 2021 CHIP Digital GmbH
ProductName LgInstall
ProductVersion 1.0.100.6
Translation 0x0409 0x04e4

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 4,237,336 bytes 4,237,824 bytes 5.66 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ E02F8A3F9F949F8C1D4C598349FA8F53
.data 0x0040c000 324,888 bytes 325,120 bytes 4.97 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE E23E4CAF7412A97D9D0BBC86533165A5
.bss 0x0045c000 53,340 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE D41D8CD98F00B204E9800998ECF8427E
.idata 0x0046a000 18,612 bytes 18,944 bytes 4.35 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE F65927E1243D31E9F55922D5B6515F99
.didata 0x0046f000 4,694 bytes 5,120 bytes 3.26 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 297F44BC363503BA2DBF14D04DD06917
.edata 0x00471000 155 bytes 512 bytes 1.91 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ B27F1A94244B04B5DDCDD098AEF4719C
.tls 0x00472000 656 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE D41D8CD98F00B204E9800998ECF8427E
.rdata 0x00473000 109 bytes 512 bytes 1.37 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ F46BC7D2AA7C3093B790418DEE1FDA39
.reloc 0x00474000 230,892 bytes 230,912 bytes 6.52 (Compressed) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ BBB7BE2C28239A173E0F3B86D523E1F0
.pdata 0x004ad000 192,012 bytes 192,512 bytes 6.34 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 137591494248E7B2E634DC77FD2F8F84
.rsrc 0x004dc000 309,760 bytes 309,760 bytes 6.82 (Compressed) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 79E4F571DBDB2A1757FB5C87904A8BAA
Entropy Analysis Alert

2 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

Total Resources: 97 (302,466 bytes)
Resource Type Count Total Size Percentage
RT_CURSOR 7 2,156 bytes
0.7%
RT_BITMAP 10 4,660 bytes
1.5%
RT_ICON 4 89,952 bytes
29.7%
RT_STRING 28 32,768 bytes
10.8%
RT_RCDATA 38 170,274 bytes
56.3%
RT_GROUP_CURSOR 7 140 bytes
0%
RT_GROUP_ICON 1 62 bytes
0%
RT_VERSION 1 640 bytes
0.2%
RT_MANIFEST 1 1,814 bytes
0.6%

Certificate Chain Analysis

No Digital Signatures

This file is not digitally signed.

Security Implications:
  • Cannot verify the publisher's identity
  • Increased security risk when running this file
  • May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

OK

PUP.Win64.Downloader.dd!c Removal

Gridinsoft has the capability to identify and eliminate PUP.Win64.Downloader.dd!c without requiring further user intervention.

Download Anti-Malware

Removal Instructions

Follow these steps to completely remove the threat from your system

  1. Start by downloading Gridinsoft Anti-Malware to your computer.
  2. Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
  3. Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
  4. Click on the "Standard Scan" button to begin scanning your computer for threats.
  5. After the scanning process is finished, click on "Clean Now" to remove any detected threats.
  6. If prompted, restart your system to complete the removal process and ensure all threats are eliminated.
Important: Before You Start
Disconnect from the internet to prevent the malware from spreading or downloading additional threats. Run the scan in Safe Mode for better detection and removal of persistent threats.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.
Your Score for

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Anti-Malware Download Now
Gridinsoft Anti-Malware