8bf04bc1468192d6aaef878756167f96.exe

The application 8bf04bc1468192d6aaef878756167f96.exe has been detected as a potentially unwanted program by 16 anti-malware scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 17130 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host. While running, it connects to the Internet address 173.192.219.48-static.reverse.softlayer.com on port 80 using the HTTP protocol.
MD5:
c3acc7ebcada33118cc9fffb3fff54c7

SHA-1:
596b675717fe4e5be61fde16b228e01d397cb1de

SHA-256:
cde90b0dc2e664790858a9069d951408f02bbc7480e4509c270e1b589ace0459

Scanner detections:
16 / 68

Status:
Potentially unwanted

Analysis date:
12/27/2024 9:24:59 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.Graftor.145649
952

AhnLab V3 Security
PUP/Win32.PirritSuggestor
2014.06.28

Avira AntiVirus
TR/Graftor.145484.1
7.11.157.120

avast!
Win32:Malware-gen
140617-1

AVG
Adware Generic5.AYAL
2014.0.3986

Bitdefender
Gen:Variant.Adware.Graftor.145649
1.0.20.890

Clam AntiVirus
Win.Adware.Graftor-148
0.98/19086

Emsisoft Anti-Malware
Gen:Variant.Adware.Graftor.145649
8.14.06.27.07

ESET NOD32
Win32/AdWare.Pirrit.A application
7.0.302.0

F-Secure
Gen:Variant.Adware.Graftor.145649
11.2014-27-06_6

G Data
Gen:Variant.Adware.Graftor.145649
14.6.24

K7 AntiVirus
Adware
13.180.12553

MicroWorld eScan
Gen:Variant.Adware.Graftor.145649
15.0.0.534

Panda Antivirus
Trj/Genetic.gen
14.07.03.12

Reason Heuristics
Threat.Win.Reputation.IMP
14.7.3.0

VIPRE Antivirus
Threat.4150696
29708

File size:
290.5 KB (297,509 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\8178db62f501661e66d9b8f7a0017470\8bf04bc1468192d6aaef878756167f96.exe

File PE Metadata
Compilation timestamp:
6/24/2014 8:42:13 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.23

CTPH (ssdeep):
6144:OyfPDM+DZ0l0Gd+yOAgo4PKFR+EDyl0V+GvmJyj/KiKIMQGJ7cMcTrEt3+bv:O/aZ8HKPKFR+KycfvmUj/gJ+fv

Entry address:
0x1590

Entry point:
83, EC, 1C, C7, 04, 24, 02, 00, 00, 00, FF, 15, 2C, 79, 44, 00, E8, DB, FB, FF, FF, 8D, 74, 26, 00, 8D, BC, 27, 00, 00, 00, 00, A1, 58, 79, 44, 00, FF, E0, 89, F6, 8D, BC, 27, 00, 00, 00, 00, A1, 4C, 79, 44, 00, FF, E0, 90, 90, 90, 90, 90, 90, 90, 90, 90, 55, 89, E5, 83, EC, 18, C7, 04, 24, 00, B0, 43, 00, E8, A6, 74, 02, 00, BA, F8, 71, 42, 00, 83, EC, 04, 85, C0, 74, 15, C7, 44, 24, 04, 13, B0, 43, 00, 89, 04, 24, E8, 92, 74, 02, 00, 83, EC, 08, 89, C2, 85, D2, 74, 11, C7, 44, 24, 04, 08, 60, 44, 00, C7...
 
[+]

Code size:
226 KB (231,424 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:17130/

Local host port:
17130

Default credentials:
No


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-54-243-38-90.compute-1.amazonaws.com  (54.243.38.90:80)

TCP (HTTP):
Connects to ec2-23-23-151-142.compute-1.amazonaws.com  (23.23.151.142:80)

TCP (HTTP):
Connects to 50.97.37.210-static.reverse.softlayer.com  (50.97.37.210:80)

TCP (HTTP):
Connects to 50.97.239.67-static.reverse.softlayer.com  (50.97.239.67:80)

TCP (HTTP):
Connects to 173.192.219.48-static.reverse.softlayer.com  (173.192.219.48:80)

Remove 8bf04bc1468192d6aaef878756167f96.exe - Powered by Reason Core Security