home

dailybee.exe

DailyWiki

The executable dailybee.exe has been detected as malware by 1 anti-virus scanner. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘DailyBee’. This file is typically installed with the program DailyBee - DailyBee for Desktop by DailyBee. While running, it connects to the Internet address upload-lb.esams.wikimedia.org on port 443.
Publisher:
DailyWiki  (signed and verified)

MD5:
5313dbc8b3aec8ed684ff70c48581f09

SHA-1:
6126f9b4668fc79135c76ce76da36661cdabf46f

SHA-256:
50549ec5da9e2c60663b6272188f323f4fa4dff04387a509f0616e90eeaa8728

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
1/8/2025 5:34:28 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP (M)
16.10.9.14

File size:
45.6 MB (47,813,592 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\dailybee\dailybee.exe

Digital Signature
Signed by:
DailyWiki

Authority:
DailyWiki

Valid from:
9/19/2015 12:16:51 PM

Valid to:
9/16/2025 12:16:51 PM

Subject:
CN=DailyWiki, O=DailyWiki, S=Some-State, C=US

Issuer:
CN=DailyWiki, O=DailyWiki, S=Some-State, C=US

Serial number:
00DE81C7E6A224F568

File PE Metadata
Compilation timestamp:
2/20/2016 4:43:51 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
786432:+uK9C64r1c7VQZgnUrurLpbH05yL5dsuUQq6+4UYOkdOXQOX59:HwC64r1c6ZgnUSrLpbUAdBUQq6/BLqp9

Entry address:
0x1C9A031

Entry point:
E8, 5A, 3A, 01, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 8B, 55, 0C, A1, 20, A8, EC, 02, F7, D2, 8B, 4D, 08, 23, D0, 23, 4D, 0C, 0B, D1, 89, 15, 20, A8, EC, 02, 5D, C3, E8, 09, 21, 00, 00, 85, C0, 74, 08, 6A, 16, E8, CC, 21, 00, 00, 59, F6, 05, 20, A8, EC, 02, 02, 74, 21, 6A, 17, E8, D9, 20, 60, 00, 85, C0, 74, 05, 6A, 07, 59, CD, 29, 6A, 01, 68, 15, 00, 00, 40, 6A, 03, E8, A9, F8, FF, FF, 83, C4, 0C, 6A, 03, E8, 16, FC, FF, FF, CC, 55, 8B, EC, 8D, 45, 18, 50, 6A, 00, FF, 75, 14, FF, 75, 10, FF, 75, 0C, FF, 75...
 
[+]

Code size:
34.9 MB (36,634,112 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
DailyBee

Command:
C:\users\{user}\appdata\roaming\dailybee\dailybee.exe su


The file dailybee.exe has been discovered within the following program.

DailyBee - DailyBee for Desktop  by DailyBee
About 2% of users remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to bam-6.nr-data.net  (162.247.242.18:443)

TCP (HTTP):
Connects to a92-123-227-8.deploy.akamaitechnologies.com  (92.123.227.8:80)

TCP (HTTP):
Connects to a92-123-227-67.deploy.akamaitechnologies.com  (92.123.227.67:80)

TCP (HTTP):
Connects to a88-221-113-58.deploy.akamaitechnologies.com  (88.221.113.58:80)

TCP (HTTP):
Connects to a88-221-112-186.deploy.akamaitechnologies.com  (88.221.112.186:80)

TCP (HTTP):
Connects to a88-221-112-154.deploy.akamaitechnologies.com  (88.221.112.154:80)

TCP (HTTP):
Connects to a88-221-112-136.deploy.akamaitechnologies.com  (88.221.112.136:80)

TCP (HTTP):
Connects to a173-223-11-10.deploy.static.akamaitechnologies.com  (173.223.11.10:80)

TCP (HTTP SSL):
Connects to a104-94-0-89.deploy.static.akamaitechnologies.com  (104.94.0.89:443)

TCP (HTTP SSL):
Connects to a104-93-242-118.deploy.static.akamaitechnologies.com  (104.93.242.118:443)

TCP (HTTP):
Connects to a104-85-53-109.deploy.static.akamaitechnologies.com  (104.85.53.109:80)

TCP (HTTP):
Connects to a104-85-41-231.deploy.static.akamaitechnologies.com  (104.85.41.231:80)

TCP (HTTP):
Connects to a104-85-23-121.deploy.static.akamaitechnologies.com  (104.85.23.121:80)

TCP (HTTP):
Connects to 206-140.amazon.com  (72.21.206.140:80)

TCP (HTTP):
Connects to 205.245.178.107.bc.googleusercontent.com  (107.178.245.205:80)

TCP (HTTP SSL):
Connects to text-lb.esams.wikimedia.org  (91.198.174.192:443)

TCP (HTTP SSL):
Connects to upload-lb.esams.wikimedia.org  (91.198.174.208:443)

TCP (HTTP):
Connects to unknown.telstraglobal.net  (210.176.156.21:80)

TCP (HTTP):
Connects to ec2-107-22-198-94.compute-1.amazonaws.com  (107.22.198.94:80)

TCP (HTTP SSL):
Connects to bam-3.nr-data.net  (50.31.164.173:443)

Remove dailybee.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.