ac16662b327db3b13a71ff175b9a63e0.exe

The executable ac16662b327db3b13a71ff175b9a63e0.exe has been detected as malware by 4 anti-virus scanners. It runs as a separate (within the context of its own process) windows Service named “d72b66b4cbe87fe5553a616ada33ae46”.
Version:
11.12.1.178

MD5:
685958c98463893a3f5e5810278f6e65

SHA-1:
20f611071bdbeaae308d0c1e16c67dfb84b0ef57

SHA-256:
240a110bf731d6037280eba2365c2dfb1d355d241f161dd2491a0b25f6ef8720

Scanner detections:
4 / 68

Status:
Malware

Analysis date:
12/27/2024 10:04:59 AM UTC  (today)

Scan engine
Detection
Engine version

Baidu Antivirus
Win32.Trojan.WisdomEyes.16070401.9500
4.0.3.16127

Bkav FE
W64.HfsAutoB
1.3.0.8455

ESET NOD32
Win64/Riskware.NetFilter (variant)
10.14567

Rising Antivirus
Malware.Generic!LWBaYzVDL3O@5 (thunder)
23.00.65.161205

File size:
5.3 MB (5,564,928 bytes)

Product version:
11.12.1.178

Copyright:
Copyright (C) 2014

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\Program Files\d72b66b4cbe87fe5553a616ada33ae46\ac16662b327db3b13a71ff175b9a63e0.exe

File PE Metadata
Compilation timestamp:
12/6/2016 11:58:34 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x568000

Entry point:
51, 48, 33, C9, 59, 90, 50, 58, 48, FF, C2, 48, FF, CA, 50, 58, 53, 48, 33, DB, 5B, 90, 48, FF, C0, 48, FF, C8, 50, 53, 5B, 48, FF, C1, 48, FF, C9, 48, FF, C2, 48, FF, CA, 53, 5B, 53, 48, 33, DB, 5B, 48, FF, C1, 48, FF, C9, 48, FF, C3, 48, FF, CB, 48, FF, C3, 48, FF, CB, 51, 50, 58, 53, 48, 33, DB, 5B, 48, FF, C3, 48, FF, CB, 48, FF, C2, 48, FF, CA, 48, FF, C2, 48, FF, CA, 52, 52, 48, 33, D2, 5A, 51, 48, 33, C9, 59, 53, 48, 33, DB, 5B, 52, 48, 33, D2, 5A, 48, FF, C3, 48, FF, CB, 90, 48, FF, C0, 48, FF, C8...
 
[+]

Code size:
3.8 MB (4,006,400 bytes)

Service
Display name:
d72b66b4cbe87fe5553a616ada33ae46

Type:
Win32OwnProcess

Depends on:
RPCSS


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

TCP (HTTP):

TCP (HTTP):
Connects to 125.235.36.176.adsl.viettel.vn  (125.235.36.176:80)

TCP (HTTP):
Connects to a1plpkivs-v01.any.prod.ash1.secureserver.net  (72.167.239.237:80)

TCP (HTTP):
Connects to a23-59-133-163.deploy.static.akamaitechnologies.com  (23.59.133.163:80)

TCP (HTTP):
Connects to a23-46-101-163.deploy.static.akamaitechnologies.com  (23.46.101.163:80)

Remove ac16662b327db3b13a71ff175b9a63e0.exe - Powered by Reason Core Security