anuferpyhoiedengdrihut.exe

BIG JOURNEY TECHNOLOGY LIMITED

The application anuferpyhoiedengdrihut.exe by BIG JOURNEY TECHNOLOGY LIMITED has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a scheduled task under the Windows Task Scheduler triggered daily at a specified time. While running, it connects to the Internet address server-52-84-246-194.sfo20.r.cloudfront.net on port 80 using the HTTP protocol.
Publisher:
BIG JOURNEY TECHNOLOGY LIMITED  (signed and verified)

MD5:
218c5f0e00ca7078cba6624feb817ba5

SHA-1:
782b49704542798cd7e423f61dcd72055bae41c1

SHA-256:
a60b1215bdbeee9adacaea04a8cc8fea338a4f487c31505e1215b59994ca9923

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/25/2024 6:28:37 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.YesSearches (M)
16.9.6.7

File size:
306.1 KB (313,496 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\zemudomkgerpy\anuferpyhoiedengdrihut.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
9/2/2016 10:35:05 AM

Valid to:
1/21/2017 3:56:27 AM

Subject:
CN=BIG JOURNEY TECHNOLOGY LIMITED, O=BIG JOURNEY TECHNOLOGY LIMITED, L=香港, S=香港, C=HK

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE

Serial number:
1898285AADCB12954F2A5463

File PE Metadata
Compilation timestamp:
9/6/2016 6:45:36 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
3072:tsUqEkH8HPN3hQYNM9WJVhpv6g89MXL1yWkhh7+dDCXV4pOODJ5G3roIP+QlasdT:6UqgWBM3hN1yDh+2SpZGTVlasf5Q4l

Entry address:
0x1D1B9

Entry point:
E8, D3, 40, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, FF, 15, 84, D0, 43, 00, 6A, 01, A3, 04, D2, 44, 00, E8, 20, 46, 00, 00, FF, 75, 08, E8, B5, 45, 00, 00, 83, 3D, 04, D2, 44, 00, 00, 59, 59, 75, 08, 6A, 01, E8, 06, 46, 00, 00, 59, 68, 09, 04, 00, C0, E8, 83, 45, 00, 00, 59, 5D, C3, 55, 8B, EC, 81, EC, 24, 03, 00, 00, 6A, 17, E8, C2, 32, 01, 00, 85, C0, 74, 05, 6A, 02, 59, CD, 29, A3, E8, CF, 44, 00, 89, 0D, E4, CF, 44, 00, 89, 15, E0, CF, 44, 00, 89, 1D, DC, CF, 44, 00, 89, 35, D8, CF, 44, 00, 89, 3D, D4...
 
[+]

Entropy:
6.4734

Code size:
236.5 KB (242,176 bytes)

Scheduled Task
Task name:
Anuferpyhoied Engine

Trigger:
Daily (Runs daily at 12:12 AM)

Description:
The engine of Anuferpyhoied.


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-54-192-29-42.dub2.r.cloudfront.net  (54.192.29.42:80)

TCP (HTTP):
Connects to server-54-230-216-144.mrs50.r.cloudfront.net  (54.230.216.144:80)

TCP (HTTP):
Connects to server-54-230-216-218.mrs50.r.cloudfront.net  (54.230.216.218:80)

TCP (HTTP):
Connects to server-52-85-94-237.jfk5.r.cloudfront.net  (52.85.94.237:80)

TCP (HTTP):
Connects to server-54-230-216-27.mrs50.r.cloudfront.net  (54.230.216.27:80)

TCP (HTTP):
Connects to server-54-230-187-224.cdg51.r.cloudfront.net  (54.230.187.224:80)

TCP (HTTP):
Connects to server-54-230-141-200.sfo5.r.cloudfront.net  (54.230.141.200:80)

TCP (HTTP):
Connects to server-54-192-3-28.lhr5.r.cloudfront.net  (54.192.3.28:80)

TCP (HTTP):
Connects to server-54-192-3-207.lhr5.r.cloudfront.net  (54.192.3.207:80)

TCP (HTTP):
Connects to server-54-192-230-249.waw50.r.cloudfront.net  (54.192.230.249:80)

TCP (HTTP):
Connects to server-54-192-230-17.waw50.r.cloudfront.net  (54.192.230.17:80)

TCP (HTTP):
Connects to server-54-192-230-165.waw50.r.cloudfront.net  (54.192.230.165:80)

TCP (HTTP):
Connects to server-52-84-246-194.sfo20.r.cloudfront.net  (52.84.246.194:80)

TCP (HTTP):
Connects to server-52-84-132-66.atl52.r.cloudfront.net  (52.84.132.66:80)

Remove anuferpyhoiedengdrihut.exe - Powered by Reason Core Security