chedot.exe

Chedot

The Chedot Authors

The executable chedot.exe has been detected as malware by 3 anti-virus scanners. While running, it connects to the Internet address cache.google.com on port 443.
Publisher:
The Chedot Authors

Product:
Chedot

Version:
53.0.2785.601

MD5:
5f00265f59d0053c140224426f843f43

SHA-1:
2daf429f587eab6059a813e7587195e3fd763e13

SHA-256:
4eb4135674c173b3e681496d8b2db07898398b4cfbe6122a2065ed6f9221defd

Scanner detections:
3 / 68

Status:
Malware

Analysis date:
12/27/2024 3:30:13 AM UTC

Scan engine    Detection                  Engine version
avast!         Win32:Xpirat               160917-0
Dr.Web         Win32.Expiro.80            9.0.1.05190
F-Prot         New or modified Expiro     4.6.5.141

File size:
1.9 MB (1,965,056 bytes)

Product version:
53.0.2785.601

Copyright:
Copyright 2016 The Chedot Authors. All rights reserved.

Original file name:
chedot.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\chedot\application\chedot.exe

File PE Metadata
Compilation timestamp:
1/30/2017 5:50:56 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

Entry address:
0x6873D

Entry point:

Entropy:
6.9042

Code size:
624.5 KB (639,488 bytes)

Shell Open Command
Open type:
ftp

Command:
"C:\users\{user}\appdata\local\chedot\application\chedot.exe" -- "%1"


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to static.166.114.46.78.clients.your-server.de  (78.46.114.166:80)

TCP (HTTP):
Connects to static.24.176.243.136.clients.your-server.de  (136.243.176.24:80)

TCP (HTTP):
Connects to static.153.190.201.138.clients.your-server.de  (138.201.190.153:80)

TCP (HTTP):
Connects to chedot.com  (136.243.177.161:80)

TCP (HTTP SSL):
Connects to cache.google.com  (196.201.63.53:443)

TCP (HTTP):
Connects to static.38.93.99.88.clients.your-server.de  (88.99.93.38:80)

TCP (HTTP SSL):
Connects to edge-z-1-p2-shv-01-lhr3.facebook.com  (31.13.90.40:443)

TCP (HTTP SSL):
Connects to edge-star-shv-01-lhr3.facebook.com  (31.13.90.2:443)

Remove chedot.exe - Powered by Reason Core Security