8da404e148cd400f4dfb8efdfa25ee2d.exe

The application 8da404e148cd400f4dfb8efdfa25ee2d.exe has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a Windows service in its own process, named “d0c22fb002f28d9cb5e3a6619e967a68”. The file is typically installed with Social2Search, a potentially unwanted program. While running, it connects to the Internet address n1plpkivs-v03.any.prod.ams1.secureserver.net on port 80 using HTTP.

Version:
11.12.1.240

MD5:
bc34634d6721e818f69e8032c1d34eb8

SHA-1:
ed1710f58a8c24968bb6671f761588de6a778f2e

SHA-256:
0c832d4462e177fe3a30257e277ff6375c0c05dfa7d584dcbf3b0a4be18e1fdc

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 8:33:37 PM UTC

Scan engine:
Reason Heuristics

Detection:
Riskware.NetFilter

Engine version:
17.1.16.15

File size:
37.4 MB (39,232,000 bytes)

Product version:
11.12.1.240

Copyright:
Copyright (C) 2014

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\Program Files\d0c22fb002f28d9cb5e3a6619e967a68\8da404e148cd400f4dfb8efdfa25ee2d.exe

File PE Metadata
Compilation timestamp:
1/12/2017 12:27:27 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x2582CDC


Entropy:
1.4388

Packer / compiler:
Xtreme-Protector v1.05

Code size:
35.4 MB (37,136,896 bytes)

Service
Display name:
d0c22fb002f28d9cb5e3a6619e967a68

Type:
Win32OwnProcess

Depends on:
RPCSS


The file 8da404e148cd400f4dfb8efdfa25ee2d.exe has been discovered within the following program.

Social2Search  by Social2Search
www.technologietrudeau.com
About 61% of users remove it
 

The executing file has been seen to make the following network communications in live environments.
