cpx.exe

Google Embedded Application

The application cpx.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘cpx’. While running, it connects to the Internet address bam-3.nr-data.net on port 443.
Product:
Google Embedded Application

Version:
2.1.0.0

MD5:
058f44938933578120f51fbc55f7e461

SHA-1:
3ed84e02aeb7d2513d10ddd1a837b9cb4b8dc90c

SHA-256:
fc2b4c5046e89ab3e5f0c96dd7b8692281594887ba71dfe06549005e6b4bd360

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/22/2024 4:32:54 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Adware.Yelloader (M)
17.1.5.4

File size:
634 KB (649,216 bytes)

Product version:
2.1.0.0

Copyright:
SmartSoft Copyright 2017 Google Inc. All rights reserved.

Original file name:
cpx.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\cpx\cpx.exe

File PE Metadata
Compilation timestamp:
1/4/2017 10:00:07 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x51298

Entry point:
E8, 68, D2, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 83, EC, 10, FF, 75, 0C, 8D, 4D, F0, E8, 7D, F7, FF, FF, 8B, 4D, F0, 83, 79, 74, 01, 7E, 15, 8D, 45, F0, 50, 6A, 04, FF, 75, 08, E8, C1, D3, 00, 00, 83, C4, 0C, 8B, C8, EB, 10, 8B, 89, 90, 00, 00, 00, 8B, 45, 08, 0F, B7, 0C, 41, 83, E1, 04, 80, 7D, FC, 00, 74, 07, 8B, 45, F8, 83, 60, 70, FD, 8B, C1, 8B, E5, 5D, C3, 55, 8B, EC, 83, EC, 10, FF, 75, 0C, 8D, 4D, F0, E8, 2B, F7, FF, FF, 8B, 4D, F0, 83, 79, 74, 01, 7E, 15, 8D, 45, F0, 50, 6A, 02, FF, 75, 08, E8...
 
[+]

Entropy:
6.1125

Code size:
424 KB (434,176 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
cpx

Command:
"C:\Program Files\cpx\cpx.exe" -starup


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to bam-3.nr-data.net  (50.31.164.173:443)

TCP (HTTP SSL):
Connects to 208.185.50.80.IPYX-063360-004-ZYO.zip.zayo.com  (208.185.50.80:443)

TCP (HTTP SSL):
Connects to m-prd-pxl-shared-mr1-blue-a.evip.aol.com  (152.163.50.2:443)

TCP (HTTP SSL):
Connects to 199.255.32.10.reverse.coremetrics.com  (199.255.32.10:443)

TCP (HTTP):
Connects to 34.f4.c1ad.ip4.static.sl-reverse.com  (173.193.244.52:80)

Remove cpx.exe - Powered by Reason Core Security