asubgnf.exe

Kreapixel Network

The application asubgnf.exe by Kreapixel Network has been detected as adware by 5 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler named cGUU7F4R4yFgx6a triggered daily at a specified time.
Publisher:
Kreapixel Network  (signed and verified)

Version:
0.0.0.0

MD5:
1f43457d589acee3c6c56ed78381c3db

SHA-1:
62dcf14e86d86907e3e5bb40c4a2d9e300666ec7

SHA-256:
85daeee917712569153274455fcb2a3722b429c09a4d64ead58bbda82b15a70a

Scanner detections:
5 / 68

Status:
Adware

Analysis date:
11/5/2024 7:05:38 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Adware-CKQ [Adw]
2014.9-150324

AVG
Generic
2016.0.3160

Bkav FE
W32.HfsAdware
1.3.0.6379

Reason Heuristics
PUP.Task.KreapixelNetwork
15.3.24.17

VIPRE Antivirus
Kreapixel Network
38736

File size:
30.8 KB (31,560 bytes)

Original file name:
upd.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\5qbf6ha\asubgnf.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
6/26/2014 5:00:00 PM

Valid to:
6/26/2015 4:59:59 PM

Subject:
CN=Kreapixel Network, OU=24, O=Kreapixel Network, L=Bergerac, S=Dordogne, C=FR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
08C337D1809F41539363BCF60D881AB2

File PE Metadata
Compilation timestamp:
3/24/2015 11:19:00 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
384:QYepp4gkRSqA+YTzY031Nk+9eKH1f0cujc:nxi99RHtx

Entry address:
0x5CCE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
4.6102

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
16 KB (16,384 bytes)

Scheduled Task
Task name:
cGUU7F4R4yFgx6a

Trigger:
Daily (Runs daily at 12:40 PM)


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

TCP (HTTP):

TCP (HTTP):

Remove asubgnf.exe - Powered by Reason Core Security