» 14657.exe
Overview
Analysis
File Details
Behaviors (1)
Network (13)

14657.exe

BDE MSM Configuration Utility

`

The executable 14657.exe has been detected as malware by 1 anti-virus scanner. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘88ec4’. While running, it connects to the Internet address vip1.g5.cachefly.net on port 80 using the HTTP protocol.

File name:

14657.exe

Publisher:

Product:

BDE MSM Configuration Utility

Description:

File folder

Version:

1.00

MD5:

0349e5e22e27da64fd84e0206342ec06

SHA-1:

e46f05b598ad68abddde74fbd755b394fdd4960d

SHA-256:

84bf33bc70ebf1e8bfaffd9e563e0da075719b49aeb2f219a1008e73bb171b96

Scanner detections:

1 / 68

Status:

Malware

Analysis date:

11/30/2024 10:21:24 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

Threat.Generic

17.2.1.10

File size:

664 KB (679,936 bytes)

Product version:

1.00

Original file name:

BDEMMCFG

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\windows\14657.exe

File PE Metadata

Compilation timestamp:

11/19/2016 3:59:11 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

Entry address:

0x3584

Entry point:

68, FC, 39, 40, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, E7, 47, 45, 18, 0E, 98, 51, 47, A1, 5C, 2E, 3F, 17, E6, 45, F8, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 50, 72, 6F, 6A, 65, 63, 74, 31, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, FF, CC, 31, 00, 13, DE, 2D, 84, 51, 81, 13, 57, 44, B0, 00, 64, 0A, A9, FA, 08, E7, 13, 33, CE, 61, AF, AE, 60, 45, A6, 95, 80, 2F, A3, A9, B8, 23, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00... 
[+]

Entropy:

4.3946

Developed / compiled with:

Microsoft Visual Basic v5.0

Code size:

192 KB (196,608 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

88ec4

Command:

53a76.exe

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to vip1.g5.cachefly.net (66.225.197.197:80)

TCP (HTTP):

Connects to static.248.127.63.178.clients.your-server.de (178.63.127.248:80)

TCP (HTTP SSL):

Connects to server-54-240-162-8.fra6.r.cloudfront.net (54.240.162.8:443)

TCP (HTTP):

Connects to server-54-192-25-66.mxp4.r.cloudfront.net (54.192.25.66:80)

TCP (HTTP):

Connects to ec2-54-169-224-186.ap-southeast-1.compute.amazonaws.com (54.169.224.186:80)

TCP (HTTP):

Connects to ec2-52-58-35-133.eu-central-1.compute.amazonaws.com (52.58.35.133:80)

TCP (HTTP):

Connects to ec2-52-207-114-118.compute-1.amazonaws.com (52.207.114.118:80)

TCP (HTTP):

Connects to c0.a2.2ca9.ip4.static.sl-reverse.com (169.44.162.192:80)

TCP (HTTP):

Connects to static.78-46-116-97.clients.your-server.de (78.46.116.97:80)

TCP (HTTP):

Connects to hosted-by.hostdl.com.asiatech.ir (79.127.127.5:80)

TCP (HTTP):

Connects to ec2-52-48-98-178.eu-west-1.compute.amazonaws.com (52.48.98.178:80)

TCP (HTTP):

Connects to a23-50-149-163.deploy.static.akamaitechnologies.com (23.50.149.163:80)

Remove 14657.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.