conhost.exe

Console Window Host

The executable conhost.exe has been detected as malware by 19 anti-virus scanners.
Publisher:
Console Window Host

Product:
Console Window Host

Version:
2.0.0.0

MD5:
39ac4626bb55759fc9c376e7b33dc0a1

SHA-1:
91c028429a51eb492d11303fad300ffd8b519bb1

SHA-256:
17f301d900bf7261e44023065a041a676f66ab92e7696dabd02242803b5f61ad

Scanner detections:
19 / 68

Status:
Malware

Analysis date:
12/29/2024 3:05:48 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Zusy.118400
776

AhnLab V3 Security
Trojan/Win32.Agent
2014.12.20

Avira AntiVirus
TR/Click.274944
7.11.196.218

avast!
Win32:Dropper-gen [Drp]
2014.9-141220

AVG
MSIL6
2015.0.3254

Bitdefender
Gen:Variant.Zusy.118400
1.0.20.1770

Comodo Security
UnclassifiedMalware
20417

Emsisoft Anti-Malware
Gen:Variant.Zusy.118400
8.14.12.20.10

ESET NOD32
MSIL/Kryptik.AQZ (variant)
8.10905

Fortinet FortiGate
MSIL/Kryptik.AQZ!tr
12/20/2014

G Data
Gen:Variant.Zusy.118400
14.12.24

IKARUS anti.virus
Trojan.MSIL.Crypt
t3scan.1.8.5.0

Malwarebytes
Trojan.Clicker
v2014.12.20.10

McAfee
Artemis!39AC4626BB55
5600.6910

Microsoft Security Essentials
TrojanClicker:MSIL/Ezbro.C
1.11302

MicroWorld eScan
Gen:Variant.Zusy.118400
15.0.0.1062

Norman
Suspicious_Gen4.HKWCW
11.20141220

Sophos
Mal/Generic-S
4.98

Trend Micro House Call
TROJ_GEN.R0C1H09LI14
7.2.354

File size:
268.5 KB (274,944 bytes)

Product version:
2.0.0.0

Copyright:
Copyright © 1953

Original file name:
Launcher.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\conhost.exe

File PE Metadata
Compilation timestamp:
12/14/2014 7:20:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:ez7TqsT773M5SF2kUsvhqoIdv1OsOiroVgYjAt65:4730S4+ZY9+PVhst65

Entry address:
0x4471E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.4688

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
266 KB (272,384 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to UNKNOWN-68-142-253-X.yahoo.com  (68.142.253.16:80)

TCP (HTTP):
Connects to s-prd-pxl-adcom-scd-a.evip.aol.com  (152.163.13.6:80)

TCP (HTTP):
Connects to s-prd-ads02-adcom_nwa_blue.evip.aol.com  (149.174.67.71:80)

TCP (HTTP):
Connects to server-54-230-138-24.lax1.r.cloudfront.net  (54.230.138.24:80)

TCP (HTTP):
Connects to server-54-230-138-115.lax1.r.cloudfront.net  (54.230.138.115:80)

TCP (HTTP):
Connects to s3-2.amazonaws.com  (54.231.244.4:80)

TCP (HTTP):
Connects to s3-1-w.amazonaws.com  (54.231.12.145:80)

TCP (HTTP):
Connects to rtb02.us.dataxu.net  (50.23.159.133:80)

TCP (HTTP SSL):
Connects to r-199-59-148-11.twttr.com  (199.59.148.11:443)

TCP (HTTP):
Connects to oasn04a.247realmedia.com  (208.71.122.194:80)

TCP (HTTP):
Connects to oasc17a.247realmedia.com  (208.71.121.61:80)

TCP (HTTP):
Connects to net64-20-243-243.static-customer.corenap.com  (64.20.243.243:80)

TCP (HTTP):
Connects to na.gmtdmp.com  (208.71.122.14:80)

TCP (HTTP):
Connects to lb.ca.magicdns.co  (167.114.100.232:80)

TCP (HTTP):
Connects to jumptap.com  (209.94.144.19:80)

TCP (HTTP):
Connects to host.i-signtec.com  (68.233.231.2:80)

TCP (HTTP):
Connects to ec2-54-85-74-24.compute-1.amazonaws.com  (54.85.74.24:80)

TCP (HTTP):
Connects to ec2-54-210-30-239.compute-1.amazonaws.com  (54.210.30.239:80)

TCP (HTTP):
Connects to ec2-54-204-1-120.compute-1.amazonaws.com  (54.204.1.120:80)

TCP (HTTP):
Connects to ec2-54-201-156-239.us-west-2.compute.amazonaws.com  (54.201.156.239:80)

Remove conhost.exe - Powered by Reason Core Security