delta toolbarupdt.exe

The application delta toolbarupdt.exe has been detected as a potentially unwanted program by 1 anti-malware scanner, with strong indications that the file is a potential threat. This is a setup program used to install the application. It runs as a scheduled task under the Windows Task Scheduler, triggered by a time event. The file has been seen being downloaded from 49883610b2899a565445-f8bbcd60a34d32bcae8d0f1cb50205b0.r36.cf1.rackcdn.com. While running, it connects to the Internet address NY1WV3659 on port 80 using the HTTP protocol.
MD5:
31ac56f2c5bbbcd82ff033b5fb8b5a4e

SHA-1:
6f3fcea7e77c3f19f36f7e36829c916bbc74898a

SHA-256:
37063dac0f815e3bc0128e46ceed5dc2aa3607e19544039de8ac0a9f9a6eeb38

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 7:49:14 PM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.Toolbar

Engine version:
16.6.28.9

File size:
856 KB (876,544 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\delta\delta\2.2.4.0\delta toolbarupdt.exe

File PE Metadata
Compilation timestamp:
6/9/2016 11:27:48 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:tD+F45yY1ml30CExDgkL/wd32yNJI2cqoUrdOWnKhpeiFk0gq:ty28Qml0CExDgkL/wd32yNJIPqoUrdOL

Entry address:
0x60F0

Entry point:
56, EB, 03, 90, 90, 90, 90, 8B, 35, 7C, D0, 44, 00, 6A, 00, FF, D6, 50, E8, 99, FF, FF, FF, 83, C4, 04, 68, 7C, F1, 45, 00, 6A, 00, FF, D6, 50, FF, 15, 78, D0, 44, 00, 5E, 85, C0, 74, 02, FF, E0, 33, C0, C3, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 41, 04, 2B, 8B, 4D, FC, 89, 3E, 89, 4E, 08, 5F, 5E, 8B, E5, 5D, C3, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 56, 8B, F1, 8B, 06, 85, C0, 74, 16, 50, E8, 52, D3, 02, 00, 83, C4, 04, C7, 06, 00, 00, 00, 00, C7, 46, 08, 00, 00, 00, 00, 5E...

Code size:
302.5 KB (309,760 bytes)

Scheduled Task
Task name:
Delta Toolbar Updater

Trigger:
Time
The file delta toolbarupdt.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to NY1WV3561 (204.145.82.26:80)

TCP (HTTP):
Connects to ny1wv3280.xglobe.net (204.145.82.20:80)

TCP (HTTP):
Connects to NY1WV3659 (204.145.82.27:80)

TCP (HTTP):
Connects to NY1WV3438 (204.145.82.24:80)

TCP (HTTP):
Connects to ny1wv3283.xglobe.net (204.145.82.23:80)

Remove delta toolbarupdt.exe - Powered by Reason Core Security