dailybee.exe

DailyWiki

The executable dailybee.exe has been detected as malware by 1 anti-virus scanner. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘DailyBee’. This file is typically installed with the program DailyBee - DailyBee for Desktop by DailyBee. While running, it connects to the Internet address *.d1.sc.omtrdc.net on port 443.
Publisher:
DailyWiki  (signed and verified)

MD5:
82678e425abfcea663ac685eb18b3549

SHA-1:
1fcdc6dd8f46980c86c5aff977634154c1efd89a

SHA-256:
a31973918a276dfca5b0974f9fbe0697deeb690712621250b938bfbcc92e6a35

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/30/2024 8:49:28 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
16.11.1.20

File size:
45.6 MB (47,811,800 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\dailybee\dailybee.exe

Digital Signature
Signed by:

Authority:
DailyWiki

Valid from:
9/19/2015 3:16:51 AM

Valid to:
9/16/2025 3:16:51 AM

Subject:
CN=DailyWiki, O=DailyWiki, S=Some-State, C=US

Issuer:
CN=DailyWiki, O=DailyWiki, S=Some-State, C=US

Serial number:
00DE81C7E6A224F568

File PE Metadata
Compilation timestamp:
2/20/2016 8:43:51 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
786432:yuK9C64r1c7VQZgnUrurLpbH05yL5dsuUQq6+4UYOkdOXQOntw:zwC64r1c6ZgnUSrLpbUAdBUQq6/BLqtw

Entry address:
0x1C9A031

Entropy:
6.8799

Code size:
34.9 MB (36,634,112 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
DailyBee

Command:
C:\users\{user}\appdata\roaming\dailybee\dailybee.exe su


The file dailybee.exe has been discovered within the following program.

About 2% of users remove it
 

The executing file has been seen to make the following network communications in live environments.

