» desktopprivacyremote.exe
Overview
Analysis
File Details
Behaviors (1)
Network (5)

desktopprivacyremote.exe

The application desktopprivacyremote.exe has been detected as a potentially unwanted program by 19 anti-malware scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 26726 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host. While running, it connects to the Internet address server-54-230-32-131.stl2.r.cloudfront.net on port 80 using the HTTP protocol.

File name:

MD5:

83a64602829b019fd22916500e89337d

SHA-1:

7e65f3442475ed43391f1033e900feb08e94cb35

SHA-256:

7970dfce3ca7bcec75a4fda3cef3529a02176102929b683814a8720087ad74fa

Scanner detections:

19 / 68

Status:

Potentially unwanted

Analysis date:

11/5/2024 7:11:26 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Graftor.145484

938

Agnitum Outpost

PUA.Pirrit

7.1.1

AhnLab V3 Security

PUP/Win32.PirritSuggestor

2014.06.27

Avira AntiVirus

TR/Graftor.145484.1

7.11.158.14

avast!

Win32:Malware-gen

140617-1

AVG

Adware Generic5.AYAL

2014.0.3986

Bitdefender

Gen:Variant.Graftor.145484

1.0.20.960

Clam AntiVirus

Win.Adware.Graftor-148

0.98/19086

Comodo Security

Application.Win32.Pirrit.A

18794

Emsisoft Anti-Malware

Gen:Variant.Graftor.145484

8.14.07.11.10

ESET NOD32

Win32/AdWare.Pirrit.A application

7.0.302.0

F-Secure

Gen:Variant.Graftor.145484

11.2014-11-07_6

G Data

Gen:Variant.Graftor.145484

14.7.24

IKARUS anti.virus

PUA.Pirrit

t3scan.1.6.1.0

K7 AntiVirus

Adware

13.180.12586

MicroWorld eScan

Gen:Variant.Graftor.145484

15.0.0.576

Panda Antivirus

Trj/Genetic.gen

14.07.11.10

Reason Heuristics

Threat.Win.Reputation.IMP

14.7.11.22

VIPRE Antivirus

Threat.4150696

29708

File size:

290.5 KB (297,509 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\desktopprivacyremote.exe

File PE Metadata

Compilation timestamp:

6/24/2014 7:42:13 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.23

CTPH (ssdeep):

6144:OyfPDM+DZ0l0Gd+yOAgo4PKFR+EDyl0V+GvmJyj/KiKIMQGJ7cMcTrEt3+bP:O/aZ8HKPKFR+KycfvmUj/gJ+fP

Entry address:

0x1590

Entry point:

83, EC, 1C, C7, 04, 24, 02, 00, 00, 00, FF, 15, 2C, 79, 44, 00, E8, DB, FB, FF, FF, 8D, 74, 26, 00, 8D, BC, 27, 00, 00, 00, 00, A1, 58, 79, 44, 00, FF, E0, 89, F6, 8D, BC, 27, 00, 00, 00, 00, A1, 4C, 79, 44, 00, FF, E0, 90, 90, 90, 90, 90, 90, 90, 90, 90, 55, 89, E5, 83, EC, 18, C7, 04, 24, 00, B0, 43, 00, E8, A6, 74, 02, 00, BA, F8, 71, 42, 00, 83, EC, 04, 85, C0, 74, 15, C7, 44, 24, 04, 13, B0, 43, 00, 89, 04, 24, E8, 92, 74, 02, 00, 83, EC, 08, 89, C2, 85, D2, 74, 11, C7, 44, 24, 04, 08, 60, 44, 00, C7... 
[+]

Entropy:

6.3879

Code size:

226 KB (231,424 bytes)

Local Proxy Server

Proxy for:

Internet Settings

Local host address:

http://127.0.0.1:26726/

Local host port:

26726

Default credentials:

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to server-54-230-35-138.stl2.r.cloudfront.net (54.230.35.138:80)

TCP (HTTP):

Connects to server-54-230-33-6.stl2.r.cloudfront.net (54.230.33.6:80)

TCP (HTTP):

Connects to server-54-230-32-32.stl2.r.cloudfront.net (54.230.32.32:80)

TCP (HTTP):

Connects to server-54-230-32-131.stl2.r.cloudfront.net (54.230.32.131:80)

TCP (HTTP):

Connects to server-216-137-39-162.stl2.r.cloudfront.net (216.137.39.162:80)

Remove desktopprivacyremote.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.