home

4cf5797951b3c937eadfe70af9671e35.patcher

The file 4cf5797951b3c937eadfe70af9671e35.patcher has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a separate (within the context of its own process) windows Service named “7e276d175d48f59765b0da44421c2154”.
Version:
11.12.10.161

MD5:
0eb79f127bb92960ec2aabf566f99d50

SHA-1:
8d6d343c63a6852574ca98f6a39c99684bedae5b

SHA-256:
8b7e435f5a2e851bd095ead991e52eb2a3ea6960b1acb5d0b19101518d4f5e51

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/15/2024 10:34:48 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Riskware.NetFilter
17.1.11.21

File size:
5.4 MB (5,675,520 bytes)

Product version:
11.12.10.161

Copyright:
Copyright (C) 2014

Language:
English (United States)

Common path:
C:\Program Files\8897cd40cd8b5328922bd3c1cb5d90ba\4cf5797951b3c937eadfe70af9671e35.patcher

File PE Metadata
Compilation timestamp:
1/10/2017 12:49:24 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x582CC0

Entry point:
E9, 6F, 00, 00, 00, 75, 4B, AE, FC, F3, 4A, BA, 63, C4, F1, 96, 8D, EE, CB, F8, 1B, 0F, D9, 20, 4B, 35, 45, D0, 5A, 5F, B4, DA, A9, 0F, 70, D7, 81, 1B, 2A, 43, 63, C2, 1C, BE, 38, 2D, E1, 1D, E6, C6, 9C, F1, 7F, 3C, E3, E0, 9B, 7B, 10, 4C, 9E, 70, C5, B4, EE, 7C, 76, 59, D9, C8, 21, 74, 36, FD, 92, 26, 7B, 82, E7, 53, DD, BD, 9F, 29, 2B, 92, F8, 7C, 6D, 7F, 58, 2E, 19, 26, 14, D6, 51, 9A, 46, 5F, 74, BE, 91, C8, 84, 19, EB, 4F, 31, D5, EE, 17, 78, E9, 33, 24, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90...
 
[+]

Packer / compiler:
Xtreme-Protector v1.05

Code size:
3.4 MB (3,580,928 bytes)

Service
Display name:
7e276d175d48f59765b0da44421c2154

Type:
Win32OwnProcess

Depends on:
RPCSS


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to a23-15-155-27.deploy.static.akamaitechnologies.com  (23.15.155.27:80)

TCP (HTTP):
Connects to sg2plpkivs-v03.any.prod.sin2.secureserver.net  (182.50.136.239:80)

TCP (HTTP):
Connects to a23-41-75-27.deploy.static.akamaitechnologies.com  (23.41.75.27:80)

TCP (HTTP):
Connects to a23-15-149-163.deploy.static.akamaitechnologies.com  (23.15.149.163:80)

TCP (HTTP):
Connects to a23-50-91-27.deploy.static.akamaitechnologies.com  (23.50.91.27:80)

TCP (HTTP):
Connects to sg2plpkivs-v02.any.prod.sin2.secureserver.net  (182.50.136.238:80)

TCP (HTTP):
Connects to a23-58-43-27.deploy.static.akamaitechnologies.com  (23.58.43.27:80)

TCP (HTTP):
Connects to sg2plpkivs-v01.any.prod.sin2.secureserver.net  (182.50.136.237:80)

TCP (HTTP):
Connects to ocsp.comodoca.com  (178.255.83.1:80)

TCP (HTTP):
Connects to ee-ocsp-origin.ilg.ws.symantec.net  (69.58.181.240:80)

TCP (HTTP):
Connects to d3-1-0-0-5-0.a02.nycmny01.us.ra.verio.net  (165.254.57.17:80)

TCP (HTTP):
Connects to crl.comodoca.com.cdn.cloudflare.net  (178.255.83.2:80)

TCP (HTTP):
Connects to broadband.actcorp.in  (123.176.33.50:80)

TCP (HTTP):
Connects to a23-56-155-27.deploy.static.akamaitechnologies.com  (23.56.155.27:80)

TCP (HTTP):
Connects to a23-49-75-27.deploy.static.akamaitechnologies.com  (23.49.75.27:80)

TCP (HTTP):
Connects to a23-35-91-27.deploy.static.akamaitechnologies.com  (23.35.91.27:80)

TCP (HTTP):
Connects to ws202-233-252-122.rcil.gov.in  (122.252.233.202:80)

TCP (HTTP):
Connects to vip1.g5.cachefly.net  (66.225.197.197:80)

TCP (HTTP):
Connects to static.vnpt.vn  (113.171.230.88:80)

TCP (HTTP):
Connects to server-52-85-151-81.hkg51.r.cloudfront.net  (52.85.151.81:80)

Remove 4cf5797951b3c937eadfe70af9671e35.patcher - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.