5f55401a4e1bef6.exe

The application 5f55401a4e1bef6.exe has been detected as a potentially unwanted program by 3 anti-malware scanners.
MD5:
38c2ce1d38bf3fb52eb61b0864539032

SHA-1:
59ab0d85bd56d7511711f09af3c04ff426a1451c

SHA-256:
d2d61c0be3e8c7f626975c51e44de19b1b1a3c3b24974507dedea91b90a934c9

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
11/8/2024 11:42:27 AM UTC

Scan engine       Detection                        Engine version
avast!            Win32:PirritSuggestor-B [Adw]    2014.9-140527
Baidu Antivirus   Adware.Win32.Pirrit              4.0.3.14527
ESET NOD32        Win32/AdWare.Pirrit (variant)    8.9855

File size:
282 KB (288,768 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\952281874578127e33efb4a1c5ae9ecb\5f55401a4e1bef6.exe

File PE Metadata
Compilation timestamp:
5/27/2014 10:44:58 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.23

CTPH (ssdeep):
6144:4WOjYaGlGqFyjAZX6a0qJISo2vcnMOOvO5yvlPa8vuMcTyEt3+1:o5qCCo2vcn6vOkd/uo

Entry address:
0x1590

Entry point:
83, EC, 1C, C7, 04, 24, 02, 00, 00, 00, FF, 15, 24, 59, 44, 00, E8, DB, FB, FF, FF, 8D, 74, 26, 00, 8D, BC, 27, 00, 00, 00, 00, A1, 50, 59, 44, 00, FF, E0, 89, F6, 8D, BC, 27, 00, 00, 00, 00, A1, 44, 59, 44, 00, FF, E0, 90, 90, 90, 90, 90, 90, 90, 90, 90, 55, 89, E5, 83, EC, 18, C7, 04, 24, 00, 90, 43, 00, E8, 56, 56, 02, 00, BA, A8, 53, 42, 00, 83, EC, 04, 85, C0, 74, 15, C7, 44, 24, 04, 13, 90, 43, 00, 89, 04, 24, E8, 42, 56, 02, 00, 83, EC, 08, 89, C2, 85, D2, 74, 11, C7, 44, 24, 04, 08, 40, 44, 00, C7...

Entropy:
6.3769

Code size:
217.5 KB (222,720 bytes)

When executed, the file has been observed making the following network connections in live environments.

TCP (HTTP): Connects to ec2-54-208-30-101.compute-1.amazonaws.com (54.208.30.101:80)
TCP (HTTP): Connects to web.de (212.227.222.9:80)
TCP (HTTP): Connects to retarget.lc.dc.openx.org (173.241.244.7:80)
TCP (HTTP): Connects to r2.ycpi.vip.ams.yahoo.net (66.196.66.213:80)
TCP (HTTP): Connects to og-in-f95.1e100.net (74.125.198.95:80)
TCP (HTTP): Connects to ham02s14-in-f31.1e100.net (173.194.44.95:80)
TCP (HTTP): Connects to ham02s14-in-f30.1e100.net (173.194.44.94:80)
TCP (HTTP): Connects to ham02s14-in-f24.1e100.net (173.194.44.88:80)
TCP (HTTP): Connects to ham02s14-in-f20.1e100.net (173.194.44.84:80)
TCP (HTTP): Connects to ham02s14-in-f16.1e100.net (173.194.44.80:80)
TCP (HTTP): Connects to fra02s20-in-f31.1e100.net (173.194.113.63:80)
TCP (HTTP): Connects to ewe-ol-GGC-Node1-host2-148.cache.google.com (80.228.65.148:80)
TCP (HTTP): Connects to ee-in-f157.1e100.net (173.194.65.157:80)
TCP (HTTP): Connects to ee-in-f156.1e100.net (173.194.65.156:80)
TCP (HTTP): Connects to ee-in-f154.1e100.net (173.194.65.154:80)
TCP (HTTP): Connects to ee-in-f138.1e100.net (173.194.65.138:80)
TCP (HTTP): Connects to ee-in-f113.1e100.net (173.194.65.113:80)
TCP (HTTP): Connects to ee-in-f100.1e100.net (173.194.65.100:80)
TCP (HTTP): Connects to ec2-54-225-210-0.compute-1.amazonaws.com (54.225.210.0:80)
TCP (HTTP): Connects to ea-in-f91.1e100.net (74.125.136.91:80)

Powered by Reason Core Security