a0a54a0bb4e9c9dd42018c1fcd5a30df.exe

The application a0a54a0bb4e9c9dd42018c1fcd5a30df.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program Social2Search which is a potentially unwanted software program. While running, it connects to the Internet address 125.235.36.138.adsl.viettel.vn on port 80 using the HTTP protocol.

Version:
11.12.1.194

MD5:
e2e126f8747ec33b85c0d96795ad8e85

SHA-1:
342211b7681242ed2958bdd044caaab440d7c46a

SHA-256:
00ec1bcfe1557853b679792f88daa9df42a9ba4854e458a79f842a8e5e8a5760

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 11:23:50 AM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.Wajam

Engine version:
16.12.16.20

File size:
4.5 MB (4,679,168 bytes)

Product version:
11.12.1.194

Copyright:
Copyright (C) 2014

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\fecf199f15449ea5da64fcf46871b75d\a0a54a0bb4e9c9dd42018c1fcd5a30df.exe

File PE Metadata
Compilation timestamp:
12/16/2016 4:21:27 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x48B0E4

Entry point:
E9, E0, 00, 00, 00, A6, 44, CF, DB, 68, C7, 14, C6, AC, 67, F1, E2, 5E, 2E, 38, C5, 88, DB, 2D, C2, 7C, 5F, 3E, 2D, A0, 16, 40, 6E, C0, CE, 8C, 7F, 2F, 17, 11, 7F, 8A, 54, 2A, FD, 83, 33, 5A, 1D, E4, DE, AF, 39, CF, A5, EE, B1, D9, E8, 56, 72, 87, F8, 8D, 77, 58, 4D, 94, CA, 4D, B4, C4, CD, AE, 5E, 42, 42, 73, E8, 60, E3, 0F, 53, 5B, 0B, 87, FB, F1, 2D, A1, 05, 40, 29, 73, 54, 5E, 32, B3, FC, 9C, 61, A8, CB, 82, 9F, E7, 4D, C5, FC, 64, F2, 66, B4, FC, 40, 3C, D7, F7, A4, 7F, F8, A8, 56, B6, 40, 2C, EC, 82...

Packer / compiler:
Xtreme-Protector v1.05

Code size:
3.2 MB (3,310,080 bytes)

The file a0a54a0bb4e9c9dd42018c1fcd5a30df.exe has been discovered within the following program.

Social2Search  by Social2Search
www.technologietrudeau.com
About 61% of users remove it

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to e3-1230v2.bl-ash0.1.1.2.5.a4.securedservers.com  (131.153.5.194:80)

TCP (HTTP):
Connects to a23-59-133-163.deploy.static.akamaitechnologies.com  (23.59.133.163:80)

TCP (HTTP):
Connects to a23-44-149-163.deploy.static.akamaitechnologies.com  (23.44.149.163:80)

TCP (HTTP):
Connects to ocsp.comodoca.com  (178.255.83.1:80)

TCP (HTTP):
Connects to ee-ocsp-origin.ilg.ws.symantec.net  (69.58.181.240:80)

TCP (HTTP):
Connects to 125.235.36.138.adsl.viettel.vn  (125.235.36.138:80)
