ailments.exe

Ailments

The application ailments.exe has been detected as a potentially unwanted program by 2 anti-malware scanners. It runs as a Windows Task Scheduler task named 23070041, triggered each time a user logs in. While running, it connects to the Internet address cdce.nym011.internap.com on port 80 using the HTTP protocol.
Publisher:
Ailments

Product:
Ailments

Version:
7.4.1.61

MD5:
bb71e5d98bfb8ab510b55e62fa3e92d3

SHA-1:
173f0fd25e1609f03116ea9fdf59e4649ee38967

SHA-256:
b797a73a4e51c9b48517d3bbc92cd2cdb031783e4f84aebafc9f5da507cc9e7e

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 2:35:58 AM UTC

Scan engine:
ESET NOD32

Detection:
MSIL/Adware.Dotdo.AP application

Engine version:
6.3.12010.0

Scan engine:
Reason Heuristics

Detection:
Adware.Dotdo.ET (M)

Engine version:
17.2.17.2

File size:
10.5 KB (10,752 bytes)

Product version:
7.4.1.61

Copyright:
Copyright © Ailments 2017

Trademarks:
© 2017 Ailments

Original file name:
ailments.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\snape\ailments.exe

File PE Metadata
Compilation timestamp:
2/16/2017 5:06:28 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

Entry address:
0x3C9E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
4.0688

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
7.5 KB (7,680 bytes)

Scheduled Task
Task name:
23070041

Trigger:
Logon (Runs on logon)

Description:
2307004123070041


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-52-85-94-212.jfk5.r.cloudfront.net  (52.85.94.212:80)

TCP (HTTP):
Connects to lb-web.ustream.tv  (199.66.238.212:80)

TCP (HTTP):
Connects to eb.83.1732.ip4.static.sl-reverse.com  (50.23.131.235:80)

TCP (HTTP):
Connects to server-52-85-94-15.jfk5.r.cloudfront.net  (52.85.94.15:80)

TCP (HTTP):
Connects to 46.c8.c0ad.ip4.static.sl-reverse.com  (173.192.200.70:80)

TCP (HTTP):
Connects to cdce.nym011.internap.com  (63.251.19.11:80)

TCP (HTTP):
Connects to static.hosted-by.miamidedicated.com  (162.222.193.17:80)

TCP (HTTP):
Connects to hosted-by.instantdedicated.com  (188.95.50.96:80)

TCP (HTTP):
Connects to server-52-85-94-87.jfk5.r.cloudfront.net  (52.85.94.87:80)

TCP (HTTP):
Connects to server-52-85-94-146.jfk5.r.cloudfront.net  (52.85.94.146:80)

Remove ailments.exe - Powered by Reason Core Security