a57eeb101cdfb5c17d8102e57ed49a51.exe

The executable a57eeb101cdfb5c17d8102e57ed49a51.exe has been detected as malware by 8 anti-virus scanners. While running, it connects to the Internet address static-200-69-125-144.static.etb.net.co on port 80 using the HTTP protocol.
Version:
2.37.2.27

MD5:
d0f1927f09c8740311f71eafb9fbf7a5

SHA-1:
b27a24ff3a8a49e624c3f2664f156a128697fbe0

SHA-256:
50424677d2dc624989c0844c14445f1449b04cdd8d277a1641e5e83ed3e045f6

Scanner detections:
8 / 68

Status:
Malware

Analysis date:
11/2/2024 1:30:48 PM UTC

Scan engine             Detection                    Engine version
Avira AntiVirus         W32/Sality.AT                7.11.30.172
Arcabit                 Trojan.Kazy.DB96F2           1.0.0.585
Bitdefender             Gen:Variant.Kazy.759538      1.0.20.1600
Emsisoft Anti-Malware   Gen:Variant.Kazy.759538      8.15.11.16.12
F-Secure                Gen:Variant.Kazy.759538      11.2015-16-11_2
G Data                  Gen:Variant.Kazy.759538      15.11.25
MicroWorld eScan        Gen:Variant.Kazy.759538      16.0.0.960
Rising Antivirus        PE:Malware.RDM.32!5.26[F1]   23.00.65.151012

File size:
309.5 KB (316,928 bytes)

Product version:
2.37.2.27

Original file name:
4CSPV5.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\wnetenhancer\wnetenhancer internet enhancer\a57eeb101cdfb5c17d8102e57ed49a51.exe

File PE Metadata
Compilation timestamp:
10/14/2015 9:32:08 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:J5r4Isytul9U4X98iP3vZlINSJfY351XlyX5nzJB3S9u:J5r4I4l9U1qGSJfYp11k5nzP3Sw

Entry address:
0x4EA4E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
4.9075

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
307 KB (314,368 bytes)

The executing file has been seen to make the following network communications in live environments.


Remove a57eeb101cdfb5c17d8102e57ed49a51.exe - Powered by Reason Core Security