commgr.exe

The executable commgr.exe has been detected as malware by 1 anti-virus scanner. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘WindowMessenger’. While running, it connects to the Internet address hostedc40.carrierzone.com on port 80 using the HTTP protocol.
MD5:
4386ddf6ea222895ab01807b3bd6f253

SHA-1:
0338ca32202e28be2231cce762c0ae0ba0ca7162

SHA-256:
f08f02cd817c27c9e34fc11e9de6ad4cc60ca53c13c22fb1396702871112e425

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
12/25/2024 12:51:21 PM UTC

Scan engine:
Reason Heuristics

Detection:
Threat.Trojan.WinAlert (H)

Engine version:
17.1.24.9

File size:
476 KB (487,424 bytes)

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
12/19/2061 1:33:39 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

Entry address:
0x5581

Entry point:
FE, C9, 53, 68, 46, 31, A3, 00, 8D, 05, 6C, 34, 33, 0D, 0B, E9, F6, D6, C7, C1, CC, B0, CD, EA, 87, E9, 50, 81, CD, 88, 7A, 02, 18, 5A, 10, D0, 2B, DA, 0F, B7, C6, 3D, FC, E7, 00, 00, 73, 07, 10, F1, 84, D1, F6, C1, DA, 8A, DA, E8, 50, 00, 00, 00, 0F, B7, F9, BA, 7E, D7, 08, 43, 69, FF, 1E, D6, C1, 21, 68, C0, 06, 01, 00, EB, 02, F7, DA, 5D, 81, ED, 67, 0F, 00, 00, 0F, AF, D2, C6, C1, EA, BB, 07, D5, 05, 00, 81, FE, 69, 4E, 00, 00, 74, 06, 84, E8, 89, EF, 88, F9, 81, EB, 91, C5, 05, 00, 4B, 75, 02, 0F, CE...

Entropy:
5.9849

Code size:
20 KB (20,480 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
WindowMessenger

Command:
C:\recycler\{random}\winsysapp.exe


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ns1.ibspark.com (54.72.130.67:80)

TCP (HTTP):
Connects to hostedc40.carrierzone.com (64.29.151.221:80)
