cdhtr.exe

The application cdhtr.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Description:
Wmi protect host

Version:
6.9.0.0

MD5:
f6d8e7c059a61f2580407dc829683a20

SHA-1:
dacb4081674d8ef790c85c1353b36a1dd5e0fa6f

SHA-256:
4fac36004a4bba45840bb71acb1d49963d0cb9ebe46b536bc094926f2ac16151

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/22/2024 9:17:03 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Adware.Yelloader.Meta (M)
16.4.18.11

File size:
807 KB (826,368 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\msrtn32\cdhtr.exe

File PE Metadata
Compilation timestamp:
4/12/2016 4:57:10 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:n9hYh4HW1v9RYfOBkj9iV8Qkl9XxgpaODNXiD5k5ZbcDnUSIvL8qGOJkJ7IrLRxY:nDYX3KOBkhtr3

Entry address:
0x2BA0E

Entry point:
E8, ED, 03, 00, 00, E9, 63, FD, FF, FF, FF, 25, 50, 41, 43, 00, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, B0, 47, 4B, 00, 89, 0D, AC, 47, 4B, 00, 89, 15, A8, 47, 4B, 00, 89, 1D, A4, 47, 4B, 00, 89, 35, A0, 47, 4B, 00, 89, 3D, 9C, 47, 4B, 00, 66, 8C, 15, C8, 47, 4B, 00, 66, 8C, 0D, BC, 47, 4B, 00, 66, 8C, 1D, 98, 47, 4B, 00, 66, 8C, 05, 94, 47, 4B, 00, 66, 8C, 25, 90, 47, 4B, 00, 66, 8C, 2D, 8C, 47, 4B, 00, 9C, 8F, 05, C0, 47, 4B, 00, 8B, 45, 00, A3, B4, 47, 4B, 00, 8B, 45, 04, A3, B8, 47, 4B, 00, 8D...
 
[+]

Entropy:
6.0054

Code size:
202 KB (206,848 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

TCP (HTTP):
Connects to a184-86-16-101.deploy.static.akamaitechnologies.com  (184.86.16.101:80)

TCP (HTTP SSL):
Connects to ox-173-241-250-143.ca.dc.openx.org  (173.241.250.143:443)

TCP (HTTP SSL):
Connects to a23-203-109-122.deploy.static.akamaitechnologies.com  (23.203.109.122:443)

TCP (HTTP):
Connects to d2.3c.65d0.ip4.static.sl-reverse.com  (208.101.60.210:80)

TCP (HTTP SSL):
Connects to olui2.fs.ml.com  (209.1.3.15:443)

TCP (HTTP):
Connects to server-52-84-57-90.ord51.r.cloudfront.net  (52.84.57.90:80)

TCP (HTTP):
Connects to ec2-54-86-252-30.compute-1.amazonaws.com  (54.86.252.30:80)

TCP (HTTP):
Connects to ec2-54-243-153-84.compute-1.amazonaws.com  (54.243.153.84:80)

TCP (HTTP SSL):
Connects to a23-203-177-186.deploy.static.akamaitechnologies.com  (23.203.177.186:443)

TCP (HTTP SSL):
Connects to server-52-85-133-227.iad53.r.cloudfront.net  (52.85.133.227:443)

TCP (HTTP SSL):
Connects to qu-in-f156.1e100.net  (209.85.201.156:443)

TCP (HTTP SSL):
Connects to qu-in-f147.1e100.net  (209.85.201.147:443)

TCP (HTTP):

TCP (HTTP SSL):
Connects to a23-6-64-59.deploy.static.akamaitechnologies.com  (23.6.64.59:443)

TCP (HTTP SSL):
Connects to a23-196-59-76.deploy.static.akamaitechnologies.com  (23.196.59.76:443)

TCP (HTTP SSL):
Connects to a23-196-104-106.deploy.static.akamaitechnologies.com  (23.196.104.106:443)

TCP (HTTP SSL):
Connects to server-54-230-206-120.atl50.r.cloudfront.net  (54.230.206.120:443)

TCP (HTTP):
Connects to server-54-230-206-12.atl50.r.cloudfront.net  (54.230.206.12:80)

TCP (HTTP):
Connects to server-52-84-144-21.yto50.r.cloudfront.net  (52.84.144.21:80)

Remove cdhtr.exe - Powered by Reason Core Security