delta_2.2.0.0_cn.exe

The executable delta_2.2.0.0_cn.exe has been detected as malware by 2 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from 49883610b2899a565445-f8bbcd60a34d32bcae8d0f1cb50205b0.r36.cf1.rackcdn.com. While running, it connects to the Internet address NY1WV3438 on port 80 using the HTTP protocol.
MD5:
52418830fda0d496c871ad7bd93aed43

SHA-1:
bd997c143aa8777b8180e50d366af08acdeff9bb

SHA-256:
69e7f18f9803c3d4e5c69e70bf981d1dc06e01f48332bb567a9b382865f92775

Scanner detections:
2 / 68

Status:
Malware

Analysis date:
12/29/2024 12:34:13 AM UTC  (today)

Scan engine
Detection
Engine version

Norman
Trojan.GenericKD.3195977
10.04.2016 15:29:17

Reason Heuristics
(M)
16.6.22.17

File size:
858 KB (878,592 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\delta_2.2.0.0_cn.exe

File PE Metadata
Compilation timestamp:
4/30/2016 11:38:16 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:X/hQLyQwG5BayOPHsvsGYIYAzuhsrO9mZU8:QwczOPHsvsG3zYWO9mZn

Entry address:
0x60F0

Entry point:
56, EB, 03, 90, 90, 90, 90, 8B, 35, 7C, D0, 44, 00, 6A, 00, FF, D6, 50, E8, 99, FF, FF, FF, 83, C4, 04, 68, 7C, F1, 45, 00, 6A, 00, FF, D6, 50, FF, 15, 78, D0, 44, 00, 5E, 85, C0, 74, 02, FF, E0, 33, C0, C3, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 41, 04, 2B, 8B, 16, 8B, 4E, 04, 53, 8B, 5D, 0C, 03, D9, 8D, 3C, 10, 3B, DF, 5B, 76, 27, 2B, C1, 03, C2, 8B, 10, 8B, 06, 8B, 4E, 08, 03, C8, 3B, C1, 76, 02, 8B, C1, 89, 46, 04, 8B, 46, 08, 01, C3, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 55, 8B, EC, 56...
 
[+]

Code size:
302.5 KB (309,760 bytes)

The file delta_2.2.0.0_cn.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to server-205-251-212-180.nrt52.r.cloudfront.net  (205.251.212.180:443)

TCP (HTTP SSL):
Connects to node-210-160-193-169.send.microad.jp  (210.160.193.169:443)

TCP (HTTP SSL):
Connects to a23-210-202-185.deploy.static.akamaitechnologies.com  (23.210.202.185:443)

TCP (HTTP SSL):
Connects to a104-75-252-11.deploy.static.akamaitechnologies.com  (104.75.252.11:443)

TCP (HTTP SSL):
Connects to 96.248.178.107.bc.googleusercontent.com  (107.178.248.96:443)

TCP (HTTP SSL):
Connects to www.leopalace21.com  (210.134.73.212:443)

TCP (HTTP SSL):
Connects to a118-215.181-54.deploy.akamaitechnologies.com  (118.215.181.54:443)

TCP (HTTP):
Connects to NY1WV3561  (204.145.82.26:80)

TCP (HTTP):
Connects to ny1wv3283.xglobe.net  (204.145.82.23:80)

TCP (HTTP):
Connects to NY1WV3659  (204.145.82.27:80)

TCP (HTTP):
Connects to NY1WV3438  (204.145.82.24:80)

TCP (HTTP):
Connects to ec2-34-199-132-228.compute-1.amazonaws.com  (34.199.132.228:80)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-sit4.facebook.com  (31.13.78.35:443)

TCP (HTTP):
Connects to ny1wv3280.xglobe.net  (204.145.82.20:80)

TCP (HTTP):
Connects to 189.152.251.23.bc.googleusercontent.com  (23.251.152.189:80)

TCP (HTTP SSL):
Connects to z-m-fbcdn-mini-shv-01-sit4.fbcdn.net  (31.13.78.38:443)

TCP (HTTP):
Connects to ec2-52-8-79-22.us-west-1.compute.amazonaws.com  (52.8.79.22:80)

TCP (HTTP SSL):

TCP (HTTP):
Connects to ec2-52-202-52-20.compute-1.amazonaws.com  (52.202.52.20:80)

TCP (HTTP):
Connects to server-52-84-63-71.ord51.r.cloudfront.net  (52.84.63.71:80)

Remove delta_2.2.0.0_cn.exe - Powered by Reason Core Security