alg.exe

CPAX20

SornSoft

The application alg.exe has been detected as a potentially unwanted program by 27 anti-malware scanners. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Application Layer Gateway’. While running, it connects to the Internet address 2a.6a.acb8.ip4.static.sl-reverse.com on port 80 using the HTTP protocol.
Publisher:
SornSoft

Product:
CPAX20

Version:
1.0.0.0

MD5:
d475e244e17c9207d23e96e4e57c9ced

SHA-1:
73257df304b2c09ad69463b0a3ac1d705e23cee2

SHA-256:
2a8f79c0ace2c669eb9c25667121f6ad9e9b6f1383f1ec84327ae719502a671f

Scanner detections:
27 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 1:23:27 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.Generic.4356578 | 615
Agnitum Outpost | Trojan.Agent | 7.1.1
avast! | Win32:Dropper-gen [Drp] | 2014.9-150531
AVG | Generic19 | 2016.0.3093
Baidu Antivirus | Trojan.MSIL.Agent | 4.0.3.15531
Bitdefender | Trojan.Generic.4356578 | 1.0.20.755
Clam AntiVirus | Win.Trojan.Agent-519368 | 0.98/21511
Emsisoft Anti-Malware | Trojan.Generic.4356578 | 8.15.05.31.09
ESET NOD32 | MSIL/Agent.NCF (variant) | 9.11562
Fortinet FortiGate | W32/Dx.TIA!tr | 5/31/2015
F-Prot | W32/MalwareF.IPCL | v6.4.7.1.166
F-Secure | Trojan.Generic.4356578 | 11.2015-31-05_1
G Data | Trojan.Generic.4356578 | 15.5.25
IKARUS anti.virus | Trojan-Dropper.Agent | t3scan.1.8.9.0
McAfee | Artemis!D475E244E17C | 5600.6749
MicroWorld eScan | Trojan.Generic.4356578 | 16.0.0.453
NANO AntiVirus | Trojan.Win32.Agent.ojtqc | 0.30.24.1357
Norman | Suspicious_Gen2.CGEQS | 11.20150531
nProtect | Trojan.Generic.4356578 | 15.04.30.01
Panda Antivirus | Generic Malware | 15.05.31.09
Qihoo 360 Security | Win32/Trojan.430 | 1.0.0.1015
Sophos | Mal/Generic-S | 4.98
SUPERAntiSpyware | Trojan.Agent/Gen-Dropper | 9842
Trend Micro House Call | ADW_AGENT | 7.2.151
Trend Micro | ADW_AGENT | 10.465.31
VIPRE Antivirus | Trojan.Win32.Generic | 39850
ViRobot | Trojan.Win32.S.Agent.33792.M[h] | 2014.3.20.0

File size:
33 KB (33,792 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © SornSoft 2009

Original file name:
CPAX2.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\common files\alg.exe

File PE Metadata
Compilation timestamp:
1/26/2010 7:09:05 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:sxc/vAVUR9lEnW5bWDgU5354q+SRZMV+p3cafDKkSu3NGDR:sGHgDVWaK+p3FrKkN3q

Entry address:
0x8EBE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
5.4002

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
28 KB (28,672 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Application Layer Gateway

Command:
C:\Program Files\common files\alg.exe


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL): Connects to xx-fbcdn-shv-01-sit4.fbcdn.net (31.13.78.17:443)
TCP (HTTP): Connects to no.rdns.ukservers.com (94.229.72.115:80)
TCP (HTTP SSL): Connects to edge-star-mini-shv-01-fra3.facebook.com (31.13.93.36:443)
TCP (HTTP): Connects to 2a.6a.acb8.ip4.static.sl-reverse.com (184.172.106.42:80)
TCP (HTTP SSL): Connects to edge-star-mini-shv-01-frt3.facebook.com (31.13.92.36:443)
TCP (HTTP): Connects to admarketplace.dmarc.lga1.atlanticmetro.net (108.60.149.202:80)
TCP (HTTP): Connects to server-54-230-187-22.cdg51.r.cloudfront.net (54.230.187.22:80)
TCP (HTTP): Connects to server-54-230-187-24.cdg51.r.cloudfront.net (54.230.187.24:80)
TCP (HTTP): Connects to server-54-230-187-218.cdg51.r.cloudfront.net (54.230.187.218:80)
TCP (HTTP): Connects to bridge2.sfo1.admarketplace.net (72.28.103.59:80)
TCP (HTTP): Connects to tw194-static236.tw1.com (110.93.194.236:80)
TCP (HTTP): Connects to tw194-static219.tw1.com (110.93.194.219:80)
TCP (HTTP): Connects to server-54-230-187-5.cdg51.r.cloudfront.net (54.230.187.5:80)
TCP (HTTP SSL): Connects to edge-star-mini-shv-01-amt2.facebook.com (31.13.64.35:443)

Powered by Reason Core Security