dailaymation.exe

北京云立方科技有限公司

The application dailaymation.exe by 北京云立方科技有限公司 has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a scheduled task under the Windows Task Scheduler triggered daily at a specified time. While running, it connects to the Internet address mx-ll-110.164.16-114.static.3bb.co.th on port 80 using the HTTP protocol.
Publisher:
wgj  (signed by 北京云立方科技有限公司)

Version:
1.0.0.6

MD5:
36e3394754f0681190eb32099fc25ab5

SHA-1:
874dd6693473a45ae5593811b9cdc3c29c558e0a

SHA-256:
1e22a3250dee00af2e5f6fcb48d546f547d53aa38a382c73a96dc1369c684343

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 6:33:44 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP..Reputation
15.9.15.8

File size:
407.4 KB (417,168 bytes)

Product version:
1.0.0.6

Copyright:
Copyright (C) 2015

File type:
Executable application (Win32 EXE)

Language:
Chinese

Common path:
C:\users\{user}\appdata\roaming\wenguanjia\dailaymation.exe

Digital Signature
Authority:
WoSign CA Limited

Valid from:
11/25/2014 1:22:11 AM

Valid to:
11/25/2015 1:22:11 AM

Subject:
CN=北京云立方科技有限公司, O=北京云立方科技有限公司, L=北京市, S=北京市, C=CN

Issuer:
CN=WoSign Class 3 Code Signing CA, O=WoSign CA Limited, C=CN

Serial number:
3688954D3B10E405CB7181AFE2156820

File PE Metadata
Compilation timestamp:
8/12/2015 5:01:25 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
6144:8cWgVZhXDqjsrzsJ/iaxMec2CJiPz0lgbFsK2yShsvpn1DxckAXdbj:8cWgVZhXDqPHc2/g6B3Zlt2dn

Entry address:
0x6CB9

Entry point:
E8, F7, 6A, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, A0, 24, 42, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 80, 01, 42, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, A0, 24, 42, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00...
 
[+]

Entropy:
7.1547

Code size:
84 KB (86,016 bytes)

Scheduled Task
Task name:
AdobeoaUpdate Ver 201598

Trigger:
Daily (Runs daily at 12:00 p. m.)

Description:
This task detect has update.Ver 201598


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

TCP (HTTP):
Connects to 61-90-241-25.static.asianet.co.th  (61.90.241.25:80)

TCP (HTTP):
Connects to reverse.gdsz.cncnet.net  (58.251.100.24:80)

TCP (HTTP):
Connects to no-data  (125.39.83.108:80)

TCP (HTTP):
Connects to mx-ll-110.164.16-114.static.3bb.co.th  (110.164.16.114:80)

TCP:
Connects to hn.kd.ny.adsl  (42.236.74.195:82)

TCP (HTTP):
Connects to map2.hwcdn.net  (205.185.216.42:80)

Remove dailaymation.exe - Powered by Reason Core Security