beb3.tmp

The file beb3.tmp has been detected as a potentially unwanted program by 2 anti-malware scanners. While running, it connects to the Internet address dl21.clickmein.com on port 80 using the HTTP protocol.
MD5:
c61a5a9307836ed703f34cd5c64f7251

SHA-1:
b177cc6acb6c178445dd795316d3cc1b1c3966d7

SHA-256:
c4d85b863613f84b89f1c49ff1f71d38c3710fb1dd634836d9ce22576a7933d8

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 1:31:09 PM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Trojan.DownLoader19.59481
9.0.1.05190

Reason Heuristics
Adware.ConvertAd (M)
16.9.20.18

File size:
311.5 KB (318,976 bytes)

Common path:
C:\windows\temp\beb3.tmp

File PE Metadata
Compilation timestamp:
3/18/2016 3:34:25 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:mHrWhvrIyEcL74InVTMa+DSaO7ewsE7K7cj2t9ir:mHrWhvrIyEc4IVTMa+DSCw37K7cei

Entry address:
0x247D6

Entry point:
E8, 9C, B9, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 10, A1, B0, 9F, 44, 00, 33, C5, 89, 45, FC, 53, 56, 8B, 75, 0C, F6, 46, 0C, 40, 57, 0F, 85, 36, 01, 00, 00, 56, E8, FC, 6F, 00, 00, 59, BB, F0, 9F, 44, 00, 83, F8, FF, 74, 2E, 56, E8, EB, 6F, 00, 00, 59, 83, F8, FE, 74, 22, 56, E8, DF, 6F, 00, 00, C1, F8, 05, 56, 8D, 3C, 85, 60, C9, 44, 00, E8, CF, 6F, 00, 00, 83, E0, 1F, 59, C1, E0, 06, 03, 07, 59, EB, 02, 8B, C3, 8A, 40, 24, 24, 7F, 3C, 02, 0F, 84, E8, 00, 00, 00, 56, E8, AE, 6F, 00, 00...
 
[+]

Entropy:
6.5017

Code size:
241.5 KB (247,296 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ip-184-168-221-35.ip.secureserver.net  (184.168.221.35:80)

TCP (HTTP):
Connects to dl21.clickmein.com  (216.227.128.186:80)

TCP (HTTP):
Connects to dl19.clickmein.com  (50.7.184.162:80)

Remove beb3.tmp - Powered by Reason Core Security