9h2dtyq.exe

Kreapixel Network

The application 9h2dtyq.exe by Kreapixel Network has been detected as adware by 6 of 68 anti-malware scanners. It is a 32-bit .NET (MSIL) executable dropped under the user's roaming profile that persists through a Windows Task Scheduler task named IHeKxSrjJcGK1FG, triggered daily at 12:58 PM. The file carries an Authenticode signature from a Thawte-issued Kreapixel Network code-signing certificate; a valid signature identifies the publisher but is not evidence that the program is benign.
Publisher:
Kreapixel Network  (signed and verified)

Version:
0.0.0.0

MD5:
90e36865a87406bfdebb89f9a07103f6

SHA-1:
14fa08491c4cf6bb20f57edbf8e2fbc7b82309b0

SHA-256:
ec827ffec0935573074036263925ee5b33df78891cdfcd99cb936548e01a596c

Scanner detections:
6 / 68

Status:
Adware

Analysis date:
12/25/2024 2:00:37 AM UTC

Scan engine         Detection                         Engine version
avast!              Win32:Adware-CKQ [Adw]            2014.9-150324
AVG                 Generic                           2016.0.3160
Bkav FE             W32.HfsAdware                     1.3.0.6379
ESET NOD32          MSIL/Adware.WinuSecu (variant)    9.11371
Reason Heuristics   PUP.Task.KreapixelNetwork         15.3.24.17
VIPRE Antivirus     Kreapixel Network                 38736

File size:
38.8 KB (39,752 bytes)

Original file name:
t0.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\ppjzpk6\9h2dtyq.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
6/26/2014 5:00:00 PM

Valid to:
6/26/2015 4:59:59 PM

Subject:
CN=Kreapixel Network, OU=24, O=Kreapixel Network, L=Bergerac, S=Dordogne, C=FR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
08C337D1809F41539363BCF60D881AB2

File PE Metadata
Compilation timestamp:
3/24/2015 11:18:58 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
384:eh75PL3rBpWRHr9NxzmJWvBxuGftQhecufl:edYpnftQhC

Entry address:
0x723E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
(FF 25 00 20 40 00 decodes to jmp dword ptr [0x402000]: the indirect jump through the import address table to mscoree!_CorExeMain that every 32-bit .NET executable starts with. The bytes that follow are zero padding, so the entry point itself says nothing about the program's behaviour; the managed code is reached only after the CLR loads the assembly.)

Entropy:
4.1883

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
24 KB (24,576 bytes)
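The PE fields above (linker and OS version, subsystem, entry-point address and bytes, CLR dependency, entropy) can be read straight from the file with a short header walk. The following PowerShell is an added example, not code from this page or from Reason Core Security; the function names are this example's own, and the path at the bottom is the "Common path" listed above with {user} resolved through $env:APPDATA.

```powershell
# Shannon entropy in bits per byte (the page reports 4.1883 for the whole file).
function Get-ShannonEntropy {
    param([byte[]]$Bytes)
    $counts = New-Object int[] 256
    foreach ($x in $Bytes) { $counts[$x]++ }
    $h = 0.0
    foreach ($c in $counts) {
        if ($c -gt 0) { $p = $c / $Bytes.Length; $h -= $p * [math]::Log($p, 2) }
    }
    return $h
}

# Walk DOS header -> PE signature -> COFF header -> optional header -> section table
# and decode the first bytes at AddressOfEntryPoint.
function Get-PeEntrySummary {
    param([Parameter(Mandatory)][string]$Path)

    $b = [System.IO.File]::ReadAllBytes((Resolve-Path -LiteralPath $Path).ProviderPath)
    if ($b[0] -ne 0x4D -or $b[1] -ne 0x5A) { throw "Not an MZ executable: $Path" }
    $pe = [BitConverter]::ToUInt32($b, 0x3C)                            # e_lfanew
    if ([BitConverter]::ToUInt32($b, $pe) -ne 0x00004550) { throw "Missing PE\0\0 signature" }

    $coff      = $pe + 4
    $nSections = [BitConverter]::ToUInt16($b, $coff + 2)
    $timestamp = [DateTimeOffset]::FromUnixTimeSeconds([BitConverter]::ToUInt32($b, $coff + 8)).UtcDateTime
    $optSize   = [BitConverter]::ToUInt16($b, $coff + 16)
    $opt       = $coff + 20

    $magic    = [BitConverter]::ToUInt16($b, $opt)                      # 0x10B = PE32, 0x20B = PE32+
    $pe32Plus = ($magic -eq 0x20B)
    $linker   = '{0}.{1}' -f $b[$opt + 2], $b[$opt + 3]
    $entryRva = [BitConverter]::ToUInt32($b, $opt + 16)
    if ($pe32Plus) {
        $imageBase = [BitConverter]::ToUInt64($b, $opt + 24); $dirBase = $opt + 112
    } else {
        $imageBase = [uint64][BitConverter]::ToUInt32($b, $opt + 28); $dirBase = $opt + 96
    }
    $osVersion = '{0}.{1}' -f [BitConverter]::ToUInt16($b, $opt + 40), [BitConverter]::ToUInt16($b, $opt + 42)
    $subsystem = [BitConverter]::ToUInt16($b, $opt + 68)                # 2 = Windows GUI, 3 = console
    $iatRva    = [BitConverter]::ToUInt32($b, $dirBase + 12 * 8)        # data directory 12 = IAT
    $iatSize   = [BitConverter]::ToUInt32($b, $dirBase + 12 * 8 + 4)
    $clrSize   = [BitConverter]::ToUInt32($b, $dirBase + 14 * 8 + 4)    # data directory 14 = CLR runtime header

    # Map the entry-point RVA to a file offset through the section table.
    $sec = $opt + $optSize
    $entryOffset = $null
    for ($i = 0; $i -lt $nSections; $i++) {
        $h       = $sec + 40 * $i
        $va      = [BitConverter]::ToUInt32($b, $h + 12)
        $rawSize = [BitConverter]::ToUInt32($b, $h + 16)
        $rawPtr  = [BitConverter]::ToUInt32($b, $h + 20)
        if ($entryRva -ge $va -and $entryRva -lt ($va + $rawSize)) {
            $entryOffset = [int]($rawPtr + ($entryRva - $va)); break
        }
    }
    if ($null -eq $entryOffset) { throw ('Entry point RVA 0x{0:X} is not inside any section' -f $entryRva) }

    # FF 25 disp32 is "jmp dword ptr [disp32]". A managed EXE jumps through its IAT slot for
    # mscoree!_CorExeMain, which is the FF 25 00 20 40 00 shown on this page (ImageBase 0x400000 + IAT RVA 0x2000).
    $stub   = [byte[]]$b[$entryOffset..($entryOffset + 5)]
    $isJmp  = ($stub[0] -eq 0xFF -and $stub[1] -eq 0x25)
    $target = if ($isJmp) { [uint64][BitConverter]::ToUInt32($stub, 2) } else { $null }
    $viaIat = $isJmp -and ($target -ge ($imageBase + $iatRva)) -and ($target -lt ($imageBase + $iatRva + $iatSize))

    [pscustomobject]@{
        Path           = $Path
        CompileTimeUtc = $timestamp
        LinkerVersion  = $linker
        OsVersion      = $osVersion
        Subsystem      = if ($subsystem -eq 2) { 'Windows GUI' } elseif ($subsystem -eq 3) { 'Windows console' } else { $subsystem }
        Is64Bit        = $pe32Plus
        HasClrHeader   = ($clrSize -ne 0)          # the ".NET CLR dependent" field above
        EntryRva       = '0x{0:X}' -f $entryRva
        EntryBytes     = ($stub | ForEach-Object { '{0:X2}' -f $_ }) -join ' '
        ClrEntryStub   = ($viaIat -and $clrSize -ne 0)
        ShannonEntropy = [math]::Round((Get-ShannonEntropy $b), 4)
    }
}

Get-PeEntrySummary -Path "$env:APPDATA\ppjzpk6\9h2dtyq.exe" | Format-List
```

ClrEntryStub being true only says the file is a normal managed executable; every C#/VB.NET binary starts this way. The fields worth comparing against the page are HasClrHeader, EntryRva (0x723E), LinkerVersion (8.0) and ShannonEntropy, which together let you confirm that a file on disk is the same build as the one profiled here before relying on the hashes.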

Scheduled Task
Task name:
IHeKxSrjJcGK1FG

Trigger:
Daily at 12:58 PM
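A practitioner who finds this task on a host wants to confirm what it launches, check the file against the hashes and signature listed above, and then remove both the task and the file. The following PowerShell is an added example, not code from this page or from Reason Core Security; the function name and its parameters are this example's own, while the default task name and SHA-256 are the values the page reports. Run it from an elevated PowerShell.

```powershell
function Invoke-AdwareTaskTriage {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string]$TaskName = 'IHeKxSrjJcGK1FG',
        [string]$ExpectedSha256 = 'ec827ffec0935573074036263925ee5b33df78891cdfcd99cb936548e01a596c',
        [switch]$Remove
    )

    $task = Get-ScheduledTask -TaskName $TaskName -ErrorAction SilentlyContinue
    if (-not $task) { Write-Host "No scheduled task named '$TaskName' found."; return }

    $info = $task | Get-ScheduledTaskInfo
    Write-Host "Task      : $($task.TaskPath)$($task.TaskName)  state=$($task.State)  last run=$($info.LastRunTime)"
    foreach ($trigger in $task.Triggers) {
        # For a daily trigger, StartBoundary carries the time of day it fires (12:58 PM on this page).
        Write-Host "Trigger   : $($trigger.CimClass.CimClassName) start=$($trigger.StartBoundary)"
    }

    foreach ($action in $task.Actions) {
        if (-not $action.Execute) { continue }                      # skip non-executable (COM handler) actions
        $exe = [Environment]::ExpandEnvironmentVariables($action.Execute).Trim('"')
        Write-Host "Action    : $exe $($action.Arguments)"
        if (-not (Test-Path -LiteralPath $exe)) { Write-Host "  (file not present on disk)"; continue }

        # Compare the on-disk file with the SHA-256 the page lists.
        $hash  = (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash.ToLower()
        $match = ($hash -eq $ExpectedSha256.ToLower())
        Write-Host "  SHA-256  : $hash  (matches expected: $match)"

        # A valid Authenticode signature identifies the signer; it does not make the file safe.
        $sig = Get-AuthenticodeSignature -LiteralPath $exe
        Write-Host "  Signature: $($sig.Status)"
        if ($sig.SignerCertificate) {
            Write-Host "  Signer   : $($sig.SignerCertificate.Subject)"
            Write-Host "  Cert validity: $($sig.SignerCertificate.NotBefore) to $($sig.SignerCertificate.NotAfter)"
        }

        if ($Remove -and $PSCmdlet.ShouldProcess($exe, 'Stop process, unregister task, delete file')) {
            Get-Process | Where-Object { $_.Path -eq $exe } | Stop-Process -Force -ErrorAction SilentlyContinue
            Unregister-ScheduledTask -TaskName $task.TaskName -TaskPath $task.TaskPath -Confirm:$false
            Remove-Item -LiteralPath $exe -Force
            # The random-named drop directory (ppjzpk6 on this page) is removed only if nothing else is in it.
            $dir = Split-Path -Parent $exe
            if (-not (Get-ChildItem -LiteralPath $dir -Force)) { Remove-Item -LiteralPath $dir -Force }
        }
    }
}

# Inspect only:
Invoke-AdwareTaskTriage
# Inspect, then remove the task and file (use -WhatIf first to see what would be touched):
# Invoke-AdwareTaskTriage -Remove -WhatIf
# Invoke-AdwareTaskTriage -Remove
```

The signature check is deliberately printed rather than used as a pass/fail gate: the certificate shown above was valid only between 6/26/2014 and 6/26/2015, so Get-AuthenticodeSignature may report Valid (if the signature is timestamped) or NotSigned/expired-chain states depending on the countersignature, and neither outcome changes the verdict the scanner detections already give.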


The executing file has been observed making the following network communications in live environments:

TCP (HTTP):
