{6ae11fc7-5aaf-401c-8438-ef3bbc2bb80b}.exe

toolmini Application

会利 穆

The application {6ae11fc7-5aaf-401c-8438-ef3bbc2bb80b}.exe by 会利 穆 has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
会利 穆  (signed and verified)

Product:
toolmini Application

Version:
1.0.0.195

MD5:
ae2d2e68867b0c69bf90d5c4205867c7

SHA-1:
619fd9fe78d8d5ecf7c9793c472cd53e58ec70f1

SHA-256:
a5b054ab8598d8a6ff01efc62e564339d2945a2507d4e4290ce3ce16d6fab70e

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 2:29:42 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.ScreenShotPro
17.1.3.3

File size:
839.6 KB (859,752 bytes)

Product version:
1.0.0.195

Copyright:
Copyright (C) 2015

Original file name:
toolmini.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\windows\temp\{6ae11fc7-5aaf-401c-8438-ef3bbc2bb80b}.exe

Digital Signature
Signed by:

Authority:
Symantec Corporation

Valid from:
5/2/2016 5:00:00 PM

Valid to:
5/3/2017 4:59:59 PM

Subject:
CN=会利 穆, OU=Individual Developer, O=No Organization Affiliation, L=重庆, S=重庆, C=CN

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
48F3F78989543487468769E5B994702A

File PE Metadata
Compilation timestamp:
12/28/2016 11:45:07 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

Entry address:
0x54F9A

Entry point:
E8, E6, AD, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 56, 33, F6, 39, 75, 0C, 75, 1D, E8, F7, 32, 00, 00, 56, 56, 56, 56, 56, C7, 00, 16, 00, 00, 00, E8, 5B, E9, FF, FF, 83, C4, 14, 83, C8, FF, EB, 27, FF, 75, 14, 8D, 45, E0, FF, 75, 10, C7, 45, E4, FF, FF, FF, 7F, FF, 75, 0C, C7, 45, EC, 42, 00, 00, 00, 50, 89, 75, E8, 89, 75, E0, FF, 55, 08, 83, C4, 10, 5E, C9, C3, 8B, FF, 55, 8B, EC, FF, 75, 0C, 6A, 00, FF, 75, 08, 68, 94, A8, 45, 00, E8, 92, FF, FF, FF, 83, C4, 10, 5D, C3, 8B, FF, 55...
 
[+]

Entropy:
6.6762

Code size:
493 KB (504,832 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-52-1-105-171.compute-1.amazonaws.com  (52.1.105.171:80)

TCP (HTTP):
Connects to ec2-34-196-63-171.compute-1.amazonaws.com  (34.196.63.171:80)

TCP (HTTP):
Connects to ec2-54-236-119-173.compute-1.amazonaws.com  (54.236.119.173:80)

TCP (HTTP):
Connects to ec2-52-204-49-223.compute-1.amazonaws.com  (52.204.49.223:80)

TCP (HTTP):
Connects to ec2-54-165-188-245.compute-1.amazonaws.com  (54.165.188.245:80)

TCP (HTTP):
Connects to ec2-52-73-128-102.compute-1.amazonaws.com  (52.73.128.102:80)

TCP (HTTP):
Connects to ec2-52-200-118-41.compute-1.amazonaws.com  (52.200.118.41:80)

TCP (HTTP):
Connects to i0-h0-s5.p0-gig.cdngp.net  (174.35.87.70:80)

TCP (HTTP):
Connects to i0-h0-s4.p0-gig.cdngp.net  (174.35.87.69:80)

TCP (HTTP):
Connects to ec2-52-86-120-91.compute-1.amazonaws.com  (52.86.120.91:80)

TCP (HTTP):
Connects to i0-h0-s3.p0-gig.cdngp.net  (174.35.87.68:80)

TCP (HTTP):
Connects to IP-84-2.napinfo.net  (110.35.84.2:80)

TCP (HTTP):
Connects to i0-h0-s2.p0-gig.cdngp.net  (174.35.87.67:80)

TCP (HTTP):
Connects to IP-84-5.napinfo.net  (110.35.84.5:80)

TCP (HTTP):
Connects to i0-h0-s1.p0-gig.cdngp.net  (174.35.87.66:80)

TCP (HTTP):
Connects to IP-84-8.napinfo.net  (110.35.84.8:80)

TCP (HTTP):
Connects to IP-84-131.napinfo.net  (110.35.84.131:80)

TCP (HTTP):
Connects to i0-h0-s2037.p9-jfk.cdngp.net  (174.35.73.106:80)

TCP (HTTP):
Connects to i0-h0-s2024.p9-jfk.cdngp.net  (174.35.73.93:80)

TCP (HTTP):
Connects to i0-h0-s2022.p9-jfk.cdngp.net  (174.35.73.91:80)

Remove {6ae11fc7-5aaf-401c-8438-ef3bbc2bb80b}.exe - Powered by Reason Core Security