d6markingappu89.exe

The application d6markingappu89.exe has been detected as a potentially unwanted program by 29 of 68 anti-malware scanners. It persists as a Windows Task Scheduler job (markingApp Update) that runs daily at 9:14 PM. While running, it connects over plain HTTP (TCP port 80) to lb-182-233.above.com (103.224.182.233). Most vendor names agree on the AddLyrics adware family; the remaining detections are generic packer (EPACK), heuristic or reputation verdicts rather than a named family.
MD5:
531629e7c1861464127a2d48f6fb12eb

SHA-1:
fc88c7f92568052bd58c213345953d5c22c39473

Scanner detections:
29 / 68

Status:
Potentially unwanted

Analysis date:
11/15/2024 2:43:43 AM UTC

Scan engine               Detection                              Engine version
Lavasoft Ad-Aware         Gen:Variant.Adware.Kazy.600427         604
AhnLab V3 Security        PUP/Win32.Addlyrics                    2015.06.05
Avira AntiVirus           TR/Crypt.EPACK.Gen2                    8.3.1.6
Arcabit                   Trojan.Adware.Kazy.D9296B              1.0.0.425
avast!                    Win32:Adware-gen [Adw]                 2014.9-150611
AVG                       AddLyrics_r                            2016.0.3082
Baidu Antivirus           Adware.Win32.AddLyrics                 4.0.3.15611
Bitdefender               Gen:Variant.Adware.Kazy.600427         1.0.20.810
Comodo Security           ApplicUnwnt                            22342
Dr.Web                    Trojan.Revizer.682                     9.0.1.0162
Emsisoft Anti-Malware     Gen:Variant.Adware.Kazy.600427         8.15.06.11.11
ESET NOD32                Win32/Adware.AddLyrics.EE (variant)    9.11738
Fortinet FortiGate        Riskware/AddLyrics                     6/11/2015
F-Secure                  Gen:Variant.Adware.Kazy                11.2015-11-06_5
G Data                    Gen:Variant.Adware.Kazy.600427         15.6.25
IKARUS anti.virus         PUA.AddLyrics                          t3scan.1.9.5.0
K7 AntiVirus              Adware                                 13.204.16148
McAfee                    RDN/Generic PUP.x!cx3                  5600.6738
MicroWorld eScan          Gen:Variant.Adware.Kazy.600427         16.0.0.486
NANO AntiVirus            Trojan.Win32.EPACK.drevjm              0.30.24.1636
Panda Antivirus           Trj/Genetic.gen                        15.06.11.11
Qihoo 360 Security        Win32/Trojan.b64                       1.0.0.1015
Reason Heuristics         Threat.Win.Reputation.IMP              15.6.11.11
Rising Antivirus          PE:Malware.Obscure/Heur!1.9E03         23.00.65.15609
Sophos                    Generic PUA PM                         4.98
SUPERAntiSpyware          Trojan.Agent/Gen-AddLyrics             9820
Trend Micro House Call    TROJ_GEN.R047C0EED15                   7.2.162
Trend Micro               TROJ_GEN.R047C0EED15                   10.465.11
VIPRE Antivirus           Trojan.Win32.Generic                   40846

File size:
593 KB (607,232 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\version23markingapp\d6markingappu89.exe

File PE Metadata
Compilation timestamp:
5/3/2015 5:56:21 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:iXXSQsoVWhByCj6ES1YcbS+Dt6PljKAvrh5XLydKqt9DJPDe:CXSQfVWhByCWecbS+DAPlmAThNyVE

Entry address:
0x3DED2

Entry point:
E8, 13, BE, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 56, FF, 75, 08, 8B, F1, E8, 69, 00, 00, 00, C7, 06, D4, C2, 45, 00, 8B, C6, 5E, 5D, C2, 04, 00, 55, 8B, EC, 56, 8D, 45, 08, 50, 8B, F1, E8, 0D, 00, 00, 00, C7, 06, D4, C2, 45, 00, 8B, C6, 5E, 5D, C2, 04, 00, 55, 8B, EC, 8B, 45, 08, 56, 8B, F1, 83, 66, 04, 00, C7, 06, B4, C2, 45, 00, C6, 46, 08, 00, FF, 30, E8, D8, 00, 00, 00, 8B, C6, 5E, 5D, C2, 04, 00, 55, 8B, EC, 8B, 45, 08, C7, 01, B4, C2, 45, 00, 8B, 00, 89, 41, 04, C6, 41, 08, 00, 8B, C1, 5D, C2, 08...

Entropy:
6.2227

Code size:
350 KB (358,400 bytes)
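The hashes, size and entropy figure above are the values a responder compares a suspect file against. The following is an added example, not part of this database entry, that computes them for a file the same way: MD5 and SHA-1 for an exact-match lookup, and Shannon entropy in bits per byte as a rough packer indicator (the 7.0 threshold for "likely packed" is an assumption for illustration; the file above scores a moderate 6.22, which fits the EPACK packer verdicts without being fully encrypted). The only values taken from the page are the two hashes and the byte size.

```python
import hashlib
import math
from collections import Counter

# Indicators taken from the entry above (hashes and byte size are the page's own values).
KNOWN_MD5 = "531629e7c1861464127a2d48f6fb12eb"
KNOWN_SHA1 = "fc88c7f92568052bd58c213345953d5c22c39473"
KNOWN_SIZE = 607232

# Assumed illustrative threshold: whole-file entropy above this usually means
# packed or encrypted content. Plain native code tends to sit around 5.5-6.5.
PACKED_THRESHOLD = 7.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a single repeated value,
    8.0 for a uniform distribution over all 256 byte values."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def triage(data: bytes) -> dict:
    """Hash and entropy summary plus a match against the recorded indicators."""
    md5 = hashlib.md5(data).hexdigest()
    sha1 = hashlib.sha1(data).hexdigest()
    entropy = shannon_entropy(data)
    return {
        "md5": md5,
        "sha1": sha1,
        "size": len(data),
        "entropy": round(entropy, 4),
        # Either hash matching is enough: a size match alone is only weak evidence.
        "hash_match": md5 == KNOWN_MD5 or sha1 == KNOWN_SHA1,
        "size_match": len(data) == KNOWN_SIZE,
        "likely_packed": entropy > PACKED_THRESHOLD,
    }


def triage_file(path: str) -> dict:
    """Read a file from disk (never execute it) and run triage() on its bytes."""
    with open(path, "rb") as fh:
        return triage(fh.read())


if __name__ == "__main__":
    import sys

    for path in sys.argv[1:]:
        print(path, triage_file(path))
```

Run it as `python triage.py "C:\Program Files\version23markingapp\d6markingappu89.exe"` on a copy of the suspect file; a `hash_match` of True confirms the sample is the one catalogued here, while a differing hash with a high entropy score and the same path is worth treating as a repacked variant rather than a clean file.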

Scheduled Task
Task name:
markingApp Update

Path:
C:\WINDOWS\Tasks\markingApp Update.job

Trigger:
Daily (Runs daily at 9:14 PM)


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to lb-182-233.above.com  (103.224.182.233:80)
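The scheduled task and the outbound connection listed above are the two host-level artifacts a responder would sweep for. The following is an added example, not part of this database entry, that runs that check over the text output of `schtasks /query /v /fo CSV` and `netstat -ano`. Both sample outputs below are constructed for the example (real `schtasks` output has many more columns, which is why the parser matches by header name); the task name, executable name, hostname and IP address are the page's own values, and the `triage_host` helper is the example's own, not a tool from the source.

```python
import csv
import io
import re

# Host artifacts recorded in the entry above (the page's own values).
TASK_NAME = "markingApp Update"
EXE_NAME = "d6markingappu89.exe"
C2_HOST = "lb-182-233.above.com"
C2_IP = "103.224.182.233"

# Constructed sample of `schtasks /query /v /fo CSV` output, trimmed to a few
# columns. Not a real capture.
SCHTASKS_CSV = r'''"HostName","TaskName","Next Run Time","Status","Task To Run","Schedule Type"
"WS01","\markingApp Update","11/16/2024 9:14:00 PM","Ready","C:\Program Files\version23markingapp\d6markingappu89.exe","Daily"
"WS01","\Microsoft\Windows\Defrag\ScheduledDefrag","N/A","Ready","%windir%\system32\defrag.exe -c","Weekly"
'''

# Constructed sample of `netstat -ano` output. Not a real capture.
NETSTAT_OUT = '''
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.20:49712     103.224.182.233:80     ESTABLISHED     4120
  TCP    192.168.1.20:49713     140.82.112.3:443       ESTABLISHED     2288
  UDP    0.0.0.0:5353           *:*                                    1196
'''

# TCP rows only: UDP rows have no State column, so they are skipped on purpose.
TCP_LINE = re.compile(r"^\s*TCP\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s*$")


def suspicious_tasks(schtasks_csv: str) -> list:
    """Rows whose task name or command line matches the recorded persistence task."""
    hits = []
    for row in csv.DictReader(io.StringIO(schtasks_csv)):
        name = row.get("TaskName", "")
        command = row.get("Task To Run", "")
        # schtasks prefixes names with a backslash for the root folder.
        if (name.lstrip("\\").lower() == TASK_NAME.lower()
                or EXE_NAME.lower() in command.lower()):
            hits.append({"task": name, "command": command,
                         "schedule": row.get("Schedule Type", "")})
    return hits


def suspicious_connections(netstat_out: str) -> list:
    """TCP connections whose remote end is the recorded address (or its hostname,
    which netstat shows when run without -n)."""
    hits = []
    for line in netstat_out.splitlines():
        m = TCP_LINE.match(line)
        if not m:
            continue
        _local, remote, state, pid = m.groups()
        remote_host, _, remote_port = remote.rpartition(":")
        if remote_host in (C2_IP, C2_HOST):
            hits.append({"remote": remote, "port": int(remote_port),
                         "state": state, "pid": int(pid)})
    return hits


def triage_host(schtasks_csv: str, netstat_out: str) -> dict:
    """Combine both sweeps; a hit in either is enough to flag the host."""
    tasks = suspicious_tasks(schtasks_csv)
    conns = suspicious_connections(netstat_out)
    return {"tasks": tasks, "connections": conns, "flagged": bool(tasks or conns)}


if __name__ == "__main__":
    # On a live host, feed in real output instead of the constructed samples:
    #   subprocess.run(["schtasks", "/query", "/v", "/fo", "CSV"],
    #                  capture_output=True, text=True).stdout
    #   subprocess.run(["netstat", "-ano"], capture_output=True, text=True).stdout
    print(triage_host(SCHTASKS_CSV, NETSTAT_OUT))
```

The PID on a matching connection is what ties the network evidence back to the process: check it against `tasklist` before killing anything, since the task runs the executable from the path listed above and a PID match there is the confirmation.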

Remove d6markingappu89.exe - Powered by Reason Core Security