8da404e148cd400f4dfb8efdfa25ee2d.exe

The application 8da404e148cd400f4dfb8efdfa25ee2d.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a separate (within the context of its own process) windows Service named “d0c22fb002f28d9cb5e3a6619e967a68”. This file is typically installed with the program Social2Search which is a potentially unwanted software program. While running, it connects to the Internet address n1plpkivs-v03.any.prod.ams1.secureserver.net on port 80 using the HTTP protocol.
Version:
11.12.1.240

MD5:
bc34634d6721e818f69e8032c1d34eb8

SHA-1:
ed1710f58a8c24968bb6671f761588de6a778f2e

SHA-256:
0c832d4462e177fe3a30257e277ff6375c0c05dfa7d584dcbf3b0a4be18e1fdc

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/27/2024 10:36:52 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Riskware.NetFilter
17.1.16.15

File size:
37.4 MB (39,232,000 bytes)

Product version:
11.12.1.240

Copyright:
Copyright (C) 2014

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\Program Files\d0c22fb002f28d9cb5e3a6619e967a68\8da404e148cd400f4dfb8efdfa25ee2d.exe

File PE Metadata
Compilation timestamp:
1/12/2017 12:27:27 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x2582CDC

Entry point:
E9, 6A, 00, 00, 00, 27, 85, 3A, 7F, D1, DE, A1, 70, 07, 9F, D2, 44, 0E, DE, 07, 1C, 52, AE, B7, B3, 6E, 1C, FB, 4E, 32, 95, 9C, 98, DF, 5E, 91, A6, E5, 4E, 06, 96, 5C, 0C, 08, 7C, 09, FD, 7F, 93, 24, 0F, A9, DC, B7, 25, 96, B7, 3F, 45, 75, 08, 74, D7, AF, 7C, D6, 03, 95, 8F, EC, 07, 24, 4B, 52, 24, A5, 77, FA, 5E, 32, 2A, CF, 34, D0, EE, 8A, 29, 42, 7A, 6C, 9A, B4, 17, 44, D4, EE, CA, D2, 60, 1E, D9, 85, 73, ED, AF, 9F, 02, 0D, 4E, B2, 5A, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90, 90...
 
[+]

Entropy:
1.4388

Packer / compiler:
Xtreme-Protector v1.05

Code size:
35.4 MB (37,136,896 bytes)

Service
Display name:
d0c22fb002f28d9cb5e3a6619e967a68

Type:
Win32OwnProcess

Depends on:
RPCSS


The file 8da404e148cd400f4dfb8efdfa25ee2d.exe has been discovered within the following program.

Social2Search  by Social2Search
www.technologietrudeau.com
About 61% of users remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ocsp.comodoca.com  (178.255.83.1:80)

TCP (HTTP):

TCP (HTTP):

TCP (HTTP):
Connects to a1plpkivs-v01.any.prod.ash1.secureserver.net  (72.167.239.237:80)

TCP (HTTP):
Connects to sg2plpkivs-v03.any.prod.sin2.secureserver.net  (182.50.136.239:80)

TCP (HTTP):

TCP (HTTP):

TCP (HTTP):

TCP (HTTP):
Connects to vip1.g5.cachefly.net  (66.225.197.197:80)

TCP (HTTP):
Connects to server-54-230-182-91.icn50.r.cloudfront.net  (54.230.182.91:80)

TCP (HTTP):
Connects to server-54-230-182-52.icn50.r.cloudfront.net  (54.230.182.52:80)

TCP (HTTP):
Connects to server-54-230-182-38.icn50.r.cloudfront.net  (54.230.182.38:80)

TCP (HTTP):
Connects to server-54-230-182-212.icn50.r.cloudfront.net  (54.230.182.212:80)

TCP (HTTP):
Connects to server-54-230-182-190.icn50.r.cloudfront.net  (54.230.182.190:80)

TCP (HTTP):
Connects to server-54-230-182-11.icn50.r.cloudfront.net  (54.230.182.11:80)

TCP (HTTP):
Connects to server-54-192-129-20.ams50.r.cloudfront.net  (54.192.129.20:80)

TCP (HTTP):
Connects to server-54-192-129-101.ams50.r.cloudfront.net  (54.192.129.101:80)

TCP (HTTP):
Connects to n1plpkivs-v03.any.prod.ams1.secureserver.net  (188.121.36.239:80)

TCP (HTTP):
Connects to arn09s10-in-f142.1e100.net  (216.58.211.142:80)

TCP (HTTP):

Remove 8da404e148cd400f4dfb8efdfa25ee2d.exe - Powered by Reason Core Security