» a57eeb101cdfb5c17d8102e57ed49a51.exe
Overview
Analysis
File Details
Network (75)

a57eeb101cdfb5c17d8102e57ed49a51.exe

The executable a57eeb101cdfb5c17d8102e57ed49a51.exe has been detected as malware by 8 anti-virus scanners. While running, it connects to the Internet address static-200-69-125-144.static.etb.net.co on port 80 using the HTTP protocol.

File name:

Version:

2.37.2.27

MD5:

d0f1927f09c8740311f71eafb9fbf7a5

SHA-1:

b27a24ff3a8a49e624c3f2664f156a128697fbe0

SHA-256:

50424677d2dc624989c0844c14445f1449b04cdd8d277a1641e5e83ed3e045f6

Scanner detections:

8 / 68

Status:

Malware

Analysis date:

11/2/2024 1:30:48 PM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

W32/Sality.AT

7.11.30.172

Arcabit

Trojan.Kazy.DB96F2

1.0.0.585

Bitdefender

Gen:Variant.Kazy.759538

1.0.20.1600

Emsisoft Anti-Malware

Gen:Variant.Kazy.759538

8.15.11.16.12

F-Secure

Gen:Variant.Kazy.759538

11.2015-16-11_2

G Data

Gen:Variant.Kazy.759538

15.11.25

MicroWorld eScan

Gen:Variant.Kazy.759538

16.0.0.960

Rising Antivirus

PE:Malware.RDM.32!5.26[F1]

23.00.65.151012

File size:

309.5 KB (316,928 bytes)

Product version:

2.37.2.27

Original file name:

4CSPV5.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\Program Files\wnetenhancer\wnetenhancer internet enhancer\a57eeb101cdfb5c17d8102e57ed49a51.exe

File PE Metadata

Compilation timestamp:

10/14/2015 9:32:08 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

6144:J5r4Isytul9U4X98iP3vZlINSJfY351XlyX5nzJB3S9u:J5r4I4l9U1qGSJfYp11k5nzP3Sw

Entry address:

0x4EA4E

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

4.9075

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

307 KB (314,368 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):

Connects to edge-video-shv-01-atl3.fbcdn.net (31.13.65.14:443)

TCP (HTTP SSL):

Connects to edge-star-mini-shv-01-mia1.facebook.com (31.13.73.36:443)

TCP (HTTP SSL):

Connects to xx-fbcdn-shv-02-mia1.fbcdn.net (157.240.0.22:443)

TCP (HTTP SSL):

Connects to edge-star-shv-01-mia1.facebook.com (31.13.73.1:443)

TCP (HTTP):

Connects to rtr3.l7.search.vip.bf1.yahoo.com (63.250.200.63:80)

TCP (HTTP):

Connects to static-200-69-125-144.static.etb.net.co (200.69.125.144:80)

TCP (HTTP SSL):

Connects to f0.65.2d.static.xlhost.com (173.45.101.240:443)

TCP (HTTP):

Connects to cd.3e.559e.ip4.static.sl-reverse.com (158.85.62.205:80)

TCP (HTTP SSL):

Connects to xx-fbcdn-shv-01-atl3.fbcdn.net (31.13.65.7:443)

TCP (HTTP SSL):

Connects to static-200-69-125-137.static.etb.net.co (200.69.125.137:443)

TCP (HTTP):

Connects to server-54-230-163-75.jax1.r.cloudfront.net (54.230.163.75:80)

TCP (HTTP):

Connects to server-54-230-163-130.jax1.r.cloudfront.net (54.230.163.130:80)

TCP (HTTP):

Connects to IP-130-73-156-104.static.fibrenoire.ca (104.156.73.130:80)

TCP (HTTP SSL):

Connects to edge-star-mini-shv-02-mia1.facebook.com (157.240.0.35:443)

TCP (HTTP):

Connects to crl.comodoca.com.cdn.cloudflare.net (178.255.83.2:80)

TCP (HTTP SSL):

Connects to a23-0-83-146.deploy.static.akamaitechnologies.com (23.0.83.146:443)

TCP (HTTP SSL):

Connects to a184-51-126-90.deploy.static.akamaitechnologies.com (184.51.126.90:443)

TCP (HTTP):

Connects to server-54-230-163-76.jax1.r.cloudfront.net (54.230.163.76:80)

TCP (HTTP SSL):

Connects to ec2-35-162-61-205.us-west-2.compute.amazonaws.com (35.162.61.205:443)

TCP (HTTP):

Connects to a104-91-152-56.deploy.static.akamaitechnologies.com (104.91.152.56:80)

Remove a57eeb101cdfb5c17d8102e57ed49a51.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.