14657.exe

BDE MSM Configuration Utility


The executable 14657.exe has been detected as malware by 1 of 68 anti-virus scanners (a generic heuristic verdict, Threat.Generic). It is set to run automatically whenever any user logs into Windows, through the machine-wide Run key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run) under the value name '88ec4'; the registered command is 53a76.exe, not 14657.exe itself. While running, it connects to the Internet address vip1.g5.cachefly.net on port 80 using the HTTP protocol, among the other hosts listed below. A single heuristic detection is weak evidence on its own: confirm a suspected copy by matching the hashes below and by inspecting the Run key entry rather than by the file name, which is not meaningful.
Publisher:

Product:
BDE MSM Configuration Utility

Description:
File folder

Version:
1.00

MD5:
0349e5e22e27da64fd84e0206342ec06

SHA-1:
e46f05b598ad68abddde74fbd755b394fdd4960d

SHA-256:
84bf33bc70ebf1e8bfaffd9e563e0da075719b49aeb2f219a1008e73bb171b96

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/30/2024 10:21:24 AM UTC

Scan engine:
Reason Heuristics

Detection:
Threat.Generic

Engine version:
17.2.1.10

File size:
664 KB (679,936 bytes)

Product version:
1.00

Original file name:
BDEMMCFG

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\windows\14657.exe

File PE Metadata
Compilation timestamp:
11/19/2016 3:59:11 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x3584

Entry point:
68, FC, 39, 40, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, E7, 47, 45, 18, 0E, 98, 51, 47, A1, 5C, 2E, 3F, 17, E6, 45, F8, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 50, 72, 6F, 6A, 65, 63, 74, 31, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, FF, CC, 31, 00, 13, DE, 2D, 84, 51, 81, 13, 57, 44, B0, 00, 64, 0A, A9, FA, 08, E7, 13, 33, CE, 61, AF, AE, 60, 45, A6, 95, 80, 2F, A3, A9, B8, 23, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00...

Entropy:
4.3946

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
192 KB (196,608 bytes)
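The entry-point bytes listed above begin with `68 FC 39 40 00 E8 F0 FF FF FF`, the `push imm32; call rel32` stub that every Visual Basic 5/6 executable starts with: the pushed value is the address of the VB project header and the call goes to ThunRTMain in the VB runtime, which agrees with the "Microsoft Visual Basic v5.0" compiler identification and the "Project1" string further into the dump. The following script is an added example, not part of the report or of any vendor tool. It decodes that stub from the bytes above (the report truncates the dump, so only the first 16 bytes are embedded) and verifies a local file against the listed MD5/SHA-1/SHA-256. The image base 0x400000 is an assumption, since the report does not list it; the computed call target is only meaningful relative to that base.

```python
import hashlib
import struct

# Values copied from the report. The page truncates the entry-point dump,
# so only the first 16 bytes are embedded here.
ENTRY_RVA = 0x3584
ENTRY_BYTES = bytes.fromhex("68FC394000E8F0FFFFFF000000000000")
EXPECTED_HASHES = {
    "md5": "0349e5e22e27da64fd84e0206342ec06",
    "sha1": "e46f05b598ad68abddde74fbd755b394fdd4960d",
    "sha256": "84bf33bc70ebf1e8bfaffd9e563e0da075719b49aeb2f219a1008e73bb171b96",
}
# Assumption: the report does not list the image base; 0x400000 is the usual
# default for a Win32 EXE and is used here only to turn RVAs into VAs.
IMAGE_BASE = 0x00400000


def decode_vb_entry_stub(code: bytes, entry_va: int):
    """Decode the 10-byte `push imm32; call rel32` entry stub of a Visual Basic
    5/6 executable. The immediate is the VA of the VB project header; the call
    target is the thunk to ThunRTMain in the VB runtime. Returns None when the
    bytes do not have that shape (i.e. this is not a VB stub)."""
    if len(code) < 10 or code[0] != 0x68 or code[5] != 0xE8:
        return None
    vb_header_va = struct.unpack_from("<I", code, 1)[0]
    rel32 = struct.unpack_from("<i", code, 6)[0]
    # rel32 is relative to the instruction following the 5-byte call,
    # which sits 10 bytes past the entry point.
    call_target_va = (entry_va + 10 + rel32) & 0xFFFFFFFF
    return {"vb_header_va": vb_header_va, "call_target_va": call_target_va}


def verify_hashes(data: bytes, expected: dict = EXPECTED_HASHES) -> dict:
    """Compare data against the expected digests. Returns {algo: matched}."""
    return {
        algo: hashlib.new(algo, data).hexdigest() == want.lower()
        for algo, want in expected.items()
    }


def verify_file(path: str, expected: dict = EXPECTED_HASHES) -> dict:
    """Hash a file on disk (e.g. C:\\windows\\14657.exe) against the report."""
    with open(path, "rb") as f:
        return verify_hashes(f.read(), expected)


if __name__ == "__main__":
    stub = decode_vb_entry_stub(ENTRY_BYTES, IMAGE_BASE + ENTRY_RVA)
    if stub is None:
        print("entry point is not a VB5/6 stub")
    else:
        print("push VB header @ 0x%08X, call ThunRTMain thunk @ 0x%08X"
              % (stub["vb_header_va"], stub["call_target_va"]))
```

Because the call displacement is negative (0xFFFFFFF0, i.e. -16), the thunk sits just before the entry point, which is where the VB linker places the import jump; a stub whose first two instructions are anything else would mean the binary has been packed or is not what the version info claims. Hashes are the reliable identifier here: the Description field ("File folder") and the file name are both trivially changed.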

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
88ec4

Command:
53a76.exe


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to vip1.g5.cachefly.net  (66.225.197.197:80)

TCP (HTTP):
Connects to static.248.127.63.178.clients.your-server.de  (178.63.127.248:80)

TCP (HTTP SSL):
Connects to server-54-240-162-8.fra6.r.cloudfront.net  (54.240.162.8:443)

TCP (HTTP):
Connects to server-54-192-25-66.mxp4.r.cloudfront.net  (54.192.25.66:80)

TCP (HTTP):
Connects to ec2-52-207-114-118.compute-1.amazonaws.com  (52.207.114.118:80)

TCP (HTTP):
Connects to c0.a2.2ca9.ip4.static.sl-reverse.com  (169.44.162.192:80)

TCP (HTTP):
Connects to static.78-46-116-97.clients.your-server.de  (78.46.116.97:80)

TCP (HTTP):
Connects to hosted-by.hostdl.com.asiatech.ir  (79.127.127.5:80)

TCP (HTTP):
Connects to ec2-52-48-98-178.eu-west-1.compute.amazonaws.com  (52.48.98.178:80)

TCP (HTTP):
Connects to a23-50-149-163.deploy.static.akamaitechnologies.com  (23.50.149.163:80)
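The persistence entry and the connection list above are the two indicators a responder can actually act on. The script below is an added example, not part of the report or of any vendor tool. It enumerates the machine-wide Run key (through `winreg` when run on Windows, with a 64-bit registry view so the entry is not hidden behind WOW64 redirection), flags entries that match the listed value name or command, and matches destination IPs from proxy or firewall logs against the listed addresses. Two things in it are assumptions of mine rather than facts from the report: the heuristic that a short hexadecimal value name paired with a command with no directory path is suspicious (it happens to fit '88ec4' / '53a76.exe'), and the log line format, which is constructed. The split between "strong" and "weak" hits reflects that several listed hosts (cachefly.net, cloudfront.net, akamaitechnologies.com) are shared CDN edges that legitimate software reaches constantly; a hit on one of those is not evidence by itself.

```python
import re

try:
    import winreg  # only available on Windows; elsewhere read_run_entries() returns []
except ImportError:
    winreg = None

# Indicators copied from the report above.
RUN_VALUE_NAME = "88ec4"
RUN_COMMAND = "53a76.exe"
CONTACTED_IPS = {
    "66.225.197.197", "178.63.127.248", "54.240.162.8", "54.192.25.66",
    "52.207.114.118", "169.44.162.192", "78.46.116.97", "79.127.127.5",
    "52.48.98.178", "23.50.149.163",
}
# Shared CDN edge addresses from the list (CacheFly, CloudFront, Akamai):
# a match here alone is weak evidence, since benign software uses the same edges.
SHARED_CDN_IPS = {"66.225.197.197", "54.240.162.8", "54.192.25.66", "23.50.149.163"}

# Assumption (heuristic, not from the report): a value name that is a short hex
# string combined with a command that carries no directory path is suspicious.
HEX_NAME_RE = re.compile(r"[0-9a-f]{4,8}")
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def read_run_entries(path=r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"):
    """Enumerate (name, command) pairs from HKLM\\...\\Run. Uses the 64-bit view so a
    32-bit Python on 64-bit Windows does not get redirected to WOW6432Node."""
    if winreg is None:
        return []
    entries = []
    access = winreg.KEY_READ | winreg.KEY_WOW64_64KEY
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path, 0, access) as key:
        i = 0
        while True:
            try:
                name, value, _ = winreg.EnumValue(key, i)
            except OSError:  # raised when there are no more values
                break
            entries.append((name, str(value)))
            i += 1
    return entries


def flag_run_entries(entries):
    """Return the Run entries that match the report or the hex-name heuristic,
    each with the list of reasons it was flagged."""
    flagged = []
    for name, command in entries:
        reasons = []
        cmd = command.strip().strip('"').lower()
        if name.lower() == RUN_VALUE_NAME:
            reasons.append("known_value_name")
        if cmd == RUN_COMMAND:
            reasons.append("known_command")
        bare_command = "\\" not in command and "/" not in command
        if HEX_NAME_RE.fullmatch(name.lower()) and bare_command:
            reasons.append("hex_name_bare_command")
        if reasons:
            flagged.append({"name": name, "command": command, "reasons": reasons})
    return flagged


def match_proxy_log(text):
    """Scan log text for the listed destination IPs.
    Returns (line_number, ip, strength) tuples; CDN edges are rated 'weak'."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        for ip in IP_RE.findall(line):
            if ip in CONTACTED_IPS:
                hits.append((n, ip, "weak" if ip in SHARED_CDN_IPS else "strong"))
    return hits


# Constructed sample data (not from the report): a Run key dump and proxy log.
SAMPLE_RUN_ENTRIES = [
    ("OneDrive", r'"C:\Users\u\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
    ("88ec4", "53a76.exe"),
    ("a1b2c3", "updater.exe"),
]
SAMPLE_LOG = """\
2024-11-30T10:21:24Z ws01 66.225.197.197 80
2024-11-30T10:21:25Z ws01 178.63.127.248 80
2024-11-30T10:21:26Z ws01 93.184.216.34 443
"""

if __name__ == "__main__":
    live = read_run_entries()  # empty off Windows
    for hit in flag_run_entries(live or SAMPLE_RUN_ENTRIES):
        print("Run entry", hit["name"], "->", hit["command"], hit["reasons"])
    for n, ip, strength in match_proxy_log(SAMPLE_LOG):
        print("log line %d: %s (%s)" % (n, ip, strength))
```

On a live host the Run key check is the one to trust: the value name and the bare command are specific to this sample, whereas the CDN and cloud addresses can change and are shared with legitimate traffic. Treat a "weak" log hit as a prompt to look for the "strong" destinations (the Hetzner, SoftLayer and asiatech.ir hosts) from the same source in the same window.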

Remove 14657.exe - Powered by Reason Core Security