aspcheck.exe

Microsoft ASP.NET Runtime State Check

Nanjing Aodimu Tech Co.,Ltd

The application aspcheck.exe by Nanjing Aodimu Tech Co.,Ltd has been detected as a potentially unwanted program by 12 anti-malware scanners. While running, it connects to the Internet address 8a.eb.6132.ip4.static.sl-reverse.com on port 80 using the HTTP protocol.
Publisher:
MicroTools  (signed by Nanjing Aodimu Tech Co.,Ltd)

Product:
Microsoft ASP.NET Runtime State Check

Version:
1.3.8.5

MD5:
2aea86ed3298cda23d11dab407430039

SHA-1:
f0b05b7bfc61cad61525aa0d8ebb6f405f8b14b4

SHA-256:
13325b1f9ca9d11a8864231a860b5f2bb1c3eed59e96bbf9e032b19158706008

Scanner detections:
12 / 68

Status:
Potentially unwanted

Analysis date:
11/16/2024 3:54:22 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Trojan.Heur.1Q1@rKBi!mpi
698

Avira AntiVirus
TR/Dropper.Gen
7.11.30.172

Bitdefender
Gen:Trojan.Heur.1Q1@rKBi!mpi
1.0.20.340

Bkav FE
W32.HfsAdware
1.3.0.6379

Emsisoft Anti-Malware
Gen:Trojan.Heur.1Q1@rq1iSAei
9.0.0.4668

F-Secure
Gen:Trojan.Heur.1Q1@rq1iSAei
5.13.68

G Data
Gen:Trojan.Heur.1Q1@rKBi!mpi
15.3.25

MicroWorld eScan
Gen:Trojan.Heur.1Q1@rKBi!mpi
16.0.0.204

Norman
Gen:Trojan.Heur.1Q1@rKBi!mpi
11.20150309

Reason Heuristics
PUP.JiangsuCN
15.3.9.1

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
3.12.26.3

VIPRE Antivirus
Threat.5066600
35418

File size:
2.8 MB (2,967,672 bytes)

Product version:
1.3.8.5

Copyright:
MicroTools

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\aspinfo\aspcheck.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
10/17/2014 4:26:07 AM

Valid to:
10/17/2016 4:26:07 AM

Subject:
CN="Nanjing Aodimu Tech Co.,Ltd", OU=Software, O="Nanjing Aodimu Tech Co.,Ltd", L=Nanjing, S=Jiangsu, C=CN

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121E136B5D663F4BB8678C1EB6FFCC47B11

File PE Metadata
Compilation timestamp:
12/13/2014 12:54:20 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:krP29K9PzpoS9ncizoQJspIEfLL39evgkIuVP:krP2Q9XodInP

Entry address:
0x27A43C

Entry point:
55, 8B, EC, 83, C4, F0, B8, C0, E4, 66, 00, E8, F0, 13, D9, FF, A1, 8C, 3D, 68, 00, 8B, 00, E8, F0, 80, EA, FF, A1, 8C, 3D, 68, 00, 8B, 00, B2, 01, E8, 02, 9E, EA, FF, 8B, 0D, 58, 38, 68, 00, A1, 8C, 3D, 68, 00, 8B, 00, 8B, 15, C8, AA, 66, 00, E8, E2, 80, EA, FF, A1, 8C, 3D, 68, 00, 8B, 00, E8, 3A, 82, EA, FF, E8, 55, C9, D8, FF, 90, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
6.5945

Developed / compiled with:
Microsoft Visual C++

Code size:
2.5 MB (2,593,792 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to 8a.eb.6132.ip4.static.sl-reverse.com  (50.97.235.138:80)

Remove aspcheck.exe - Powered by Reason Core Security