alg.exe

CPAX20

SornSoft

The application alg.exe has been detected as a potentially unwanted program by 27 anti-malware scanners. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Application Layer Gateway’. While running, it connects to the Internet address 2a.6a.acb8.ip4.static.sl-reverse.com on port 80 using the HTTP protocol.
Publisher:
SornSoft

Product:
CPAX20

Version:
1.0.0.0

MD5:
d475e244e17c9207d23e96e4e57c9ced

SHA-1:
73257df304b2c09ad69463b0a3ac1d705e23cee2

SHA-256:
2a8f79c0ace2c669eb9c25667121f6ad9e9b6f1383f1ec84327ae719502a671f

Scanner detections:
27 / 68

Status:
Potentially unwanted

Analysis date:
12/23/2024 3:58:54 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.Generic.4356578
615

Agnitum Outpost
Trojan.Agent
7.1.1

avast!
Win32:Dropper-gen [Drp]
2014.9-150531

AVG
Generic19
2016.0.3093

Baidu Antivirus
Trojan.MSIL.Agent
4.0.3.15531

Bitdefender
Trojan.Generic.4356578
1.0.20.755

Clam AntiVirus
Win.Trojan.Agent-519368
0.98/21511

Emsisoft Anti-Malware
Trojan.Generic.4356578
8.15.05.31.09

ESET NOD32
MSIL/Agent.NCF (variant)
9.11562

Fortinet FortiGate
W32/Dx.TIA!tr
5/31/2015

F-Prot
W32/MalwareF.IPCL
v6.4.7.1.166

F-Secure
Trojan.Generic.4356578
11.2015-31-05_1

G Data
Trojan.Generic.4356578
15.5.25

IKARUS anti.virus
Trojan-Dropper.Agent
t3scan.1.8.9.0

McAfee
Artemis!D475E244E17C
5600.6749

MicroWorld eScan
Trojan.Generic.4356578
16.0.0.453

NANO AntiVirus
Trojan.Win32.Agent.ojtqc
0.30.24.1357

Norman
Suspicious_Gen2.CGEQS
11.20150531

nProtect
Trojan.Generic.4356578
15.04.30.01

Panda Antivirus
Generic Malware
15.05.31.09

Qihoo 360 Security
Win32/Trojan.430
1.0.0.1015

Sophos
Mal/Generic-S
4.98

SUPERAntiSpyware
Trojan.Agent/Gen-Dropper
9842

Trend Micro House Call
ADW_AGENT
7.2.151

Trend Micro
ADW_AGENT
10.465.31

VIPRE Antivirus
Trojan.Win32.Generic
39850

ViRobot
Trojan.Win32.S.Agent.33792.M[h]
2014.3.20.0

File size:
33 KB (33,792 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © SornSoft 2009

Original file name:
CPAX2.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\common files\alg.exe

File PE Metadata
Compilation timestamp:
1/26/2010 7:09:05 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:sxc/vAVUR9lEnW5bWDgU5354q+SRZMV+p3cafDKkSu3NGDR:sGHgDVWaK+p3FrKkN3q

Entry address:
0x8EBE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
5.4002

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
28 KB (28,672 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Application Layer Gateway

Command:
C:\Program Files\common files\alg.exe


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-01-sit4.fbcdn.net  (31.13.78.17:443)

TCP (HTTP):
Connects to no.rdns.ukservers.com  (94.229.72.115:80)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-fra3.facebook.com  (31.13.93.36:443)

TCP (HTTP):
Connects to 2a.6a.acb8.ip4.static.sl-reverse.com  (184.172.106.42:80)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-frt3.facebook.com  (31.13.92.36:443)

TCP (HTTP):
Connects to admarketplace.dmarc.lga1.atlanticmetro.net  (108.60.149.202:80)

TCP (HTTP):
Connects to server-54-230-187-22.cdg51.r.cloudfront.net  (54.230.187.22:80)

TCP (HTTP):
Connects to server-54-230-187-24.cdg51.r.cloudfront.net  (54.230.187.24:80)

TCP (HTTP):
Connects to server-54-230-187-218.cdg51.r.cloudfront.net  (54.230.187.218:80)

TCP (HTTP):
Connects to bridge2.sfo1.admarketplace.net  (72.28.103.59:80)

TCP (HTTP):
Connects to tw194-static236.tw1.com  (110.93.194.236:80)

TCP (HTTP):
Connects to tw194-static219.tw1.com  (110.93.194.219:80)

TCP (HTTP):
Connects to server-54-230-187-5.cdg51.r.cloudfront.net  (54.230.187.5:80)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-amt2.facebook.com  (31.13.64.35:443)

Remove alg.exe - Powered by Reason Core Security