desktopprivacyremote.exe

The application desktopprivacyremote.exe has been detected as a potentially unwanted program by 19 of 68 anti-malware scanners. The executable runs as a local Internet proxy server that registers itself in the Windows Internet Settings and listens on 127.0.0.1, TCP port 26726; in this position it is able to intercept and modify all inbound and outbound HTTP traffic on the local host. While running, it connects to server-54-230-32-131.stl2.r.cloudfront.net on port 80 over HTTP.
MD5:
83a64602829b019fd22916500e89337d

SHA-1:
7e65f3442475ed43391f1033e900feb08e94cb35

SHA-256:
7970dfce3ca7bcec75a4fda3cef3529a02176102929b683814a8720087ad74fa

Scanner detections:
19 / 68

Status:
Potentially unwanted

Analysis date:
12/28/2024 10:13:07 AM UTC

Scan engine           | Detection                              | Engine version
Lavasoft Ad-Aware     | Gen:Variant.Graftor.145484             | 938
Agnitum Outpost       | PUA.Pirrit                             | 7.1.1
AhnLab V3 Security    | PUP/Win32.PirritSuggestor              | 2014.06.27
Avira AntiVirus       | TR/Graftor.145484.1                    | 7.11.158.14
avast!                | Win32:Malware-gen                      | 140617-1
AVG                   | Adware Generic5.AYAL                   | 2014.0.3986
Bitdefender           | Gen:Variant.Graftor.145484             | 1.0.20.960
Clam AntiVirus        | Win.Adware.Graftor-148                 | 0.98/19086
Comodo Security       | Application.Win32.Pirrit.A             | 18794
Emsisoft Anti-Malware | Gen:Variant.Graftor.145484             | 8.14.07.11.10
ESET NOD32            | Win32/AdWare.Pirrit.A application      | 7.0.302.0
F-Secure              | Gen:Variant.Graftor.145484             | 11.2014-11-07_6
G Data                | Gen:Variant.Graftor.145484             | 14.7.24
IKARUS anti.virus     | PUA.Pirrit                             | t3scan.1.6.1.0
K7 AntiVirus          | Adware                                 | 13.180.12586
MicroWorld eScan      | Gen:Variant.Graftor.145484             | 15.0.0.576
Panda Antivirus       | Trj/Genetic.gen                        | 14.07.11.10
Reason Heuristics     | Threat.Win.Reputation.IMP              | 14.7.11.22
VIPRE Antivirus       | Threat.4150696                         | 29708

File size:
290.5 KB (297,509 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\desktopprivacyremote.exe

File PE Metadata
Compilation timestamp:
6/24/2014 7:42:13 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.23

CTPH (ssdeep):
6144:OyfPDM+DZ0l0Gd+yOAgo4PKFR+EDyl0V+GvmJyj/KiKIMQGJ7cMcTrEt3+bP:O/aZ8HKPKFR+KycfvmUj/gJ+fP

Entry address:
0x1590

Entry point:
83, EC, 1C, C7, 04, 24, 02, 00, 00, 00, FF, 15, 2C, 79, 44, 00, E8, DB, FB, FF, FF, 8D, 74, 26, 00, 8D, BC, 27, 00, 00, 00, 00, A1, 58, 79, 44, 00, FF, E0, 89, F6, 8D, BC, 27, 00, 00, 00, 00, A1, 4C, 79, 44, 00, FF, E0, 90, 90, 90, 90, 90, 90, 90, 90, 90, 55, 89, E5, 83, EC, 18, C7, 04, 24, 00, B0, 43, 00, E8, A6, 74, 02, 00, BA, F8, 71, 42, 00, 83, EC, 04, 85, C0, 74, 15, C7, 44, 24, 04, 13, B0, 43, 00, 89, 04, 24, E8, 92, 74, 02, 00, 83, EC, 08, 89, C2, 85, D2, 74, 11, C7, 44, 24, 04, 08, 60, 44, 00, C7...
Entropy:
6.3879

Code size:
226 KB (231,424 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:26726/

Local host port:
26726

Default credentials:
No


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-54-230-35-138.stl2.r.cloudfront.net (54.230.35.138:80)

TCP (HTTP):
Connects to server-54-230-33-6.stl2.r.cloudfront.net (54.230.33.6:80)

TCP (HTTP):
Connects to server-54-230-32-32.stl2.r.cloudfront.net (54.230.32.32:80)

TCP (HTTP):
Connects to server-54-230-32-131.stl2.r.cloudfront.net (54.230.32.131:80)

TCP (HTTP):
Connects to server-216-137-39-162.stl2.r.cloudfront.net (216.137.39.162:80)

Remove desktopprivacyremote.exe - Powered by Reason Core Security