argonne.exe

Argonne

The application argonne.exe has been detected as a potentially unwanted program by 2 anti-malware scanners. It runs as a Windows Task Scheduler task named 36605913, triggered to execute each time a user logs in. While running, it connects to the Internet address cdce.dal003.internap.com on port 80 using the HTTP protocol.
Publisher:
Argonne

Product:
Argonne

Version:
4.2.1.98

MD5:
1de01c7bae5aa3ff63af4b64eb364c51

SHA-1:
fda44d9586fd60d19a9b4172092a2c9fef15492d

SHA-256:
96c2354b6e8ecd47509039a98f66423a3485470e6c87c0bd8c077d0748617f23

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
12/27/2024 3:20:58 AM UTC

Scan engine | Detection | Engine version
ESET NOD32 | MSIL/Adware.Dotdo.AP application | 6.3.12010.0
Reason Heuristics | Adware.Dotdo.ET (M) | 17.2.5.8

File size:
10 KB (10,240 bytes)

Product version:
4.2.1.98

Copyright:
Copyright © Argonne 2017

Trademarks:
© 2017 Argonne

Original file name:
argonne.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\glossy\argonne.exe

File PE Metadata
Compilation timestamp:
2/4/2017 10:42:38 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

Entry address:
0x3D3E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
4.2161

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
7.5 KB (7,680 bytes)

Scheduled Task
Task name:
36605913

Trigger:
Logon (Runs on logon)

Description:
3660591336605913


The executing file has been seen to make the following network communications in live environments.

