desktoptoolmini_global_br.exe

qiusheng xie

The application desktoptoolmini_global_br.exe by qiusheng xie has been detected as a potentially unwanted program by 3 anti-malware scanners. While running, it connects to the Internet address i0-h0-s4.p0-gig.cdngp.net on port 80 using the HTTP protocol.
Publisher:
qiusheng xie  (signed and verified)

MD5:
7065c8fe2ffaf62b0f0d20596ee3a661

SHA-1:
64fdd5e77def4cd99b8b8458129ef4ae75a652db

SHA-256:
09073400c3567f0f9979686924c19c84af9adc099bc4aa2e3460be37cfaf10f2

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
12/27/2024 8:35:10 AM UTC  (today)

Scan engine
Detection
Engine version

Comodo Security
Application.Win32.BaiduWrapper.DA
23200

ESET NOD32
Win32/Toptools.A potentially unwanted (variant)
9.12223

Reason Heuristics
PUP.Qiusheng.qiushengxie.Meta (L)
15.11.27.23

File size:
766.2 KB (784,544 bytes)

File type:
Executable application (Win32 EXE)

Digital Signature
Signed by:

Authority:
Symantec Corporation

Valid from:
4/27/2015 2:00:00 AM

Valid to:
4/27/2016 1:59:59 AM

Subject:
CN=qiusheng xie, OU=Individual Developer, O=No Organization Affiliation, L=深圳市, S=广东省, C=CN

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
3C70F2B2B6E352094A12BA8665D3A9D1

File PE Metadata
Compilation timestamp:
8/27/2015 1:02:49 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:l+qch7anphVu3gZpirEG6Q7BWkzVJp6whA6g4M1Kc2ZYOEGIb34YgmL+P:l+xNanfzQ6Q7jz3p6QAWFcGUhgmL+P

Entry address:
0x513DE

Entry point:
E8, 11, 91, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 53, 8B, 5D, 08, 56, 57, 33, FF, 39, 7D, 14, 75, 10, 3B, DF, 75, 10, 39, 7D, 0C, 75, 12, 33, C0, 5F, 5E, 5B, C9, C3, 3B, DF, 74, 07, 8B, 4D, 0C, 3B, CF, 77, 1B, E8, CF, 31, 00, 00, 6A, 16, 5E, 89, 30, 57, 57, 57, 57, 57, E8, 7A, EC, FF, FF, 83, C4, 14, 8B, C6, EB, D5, 8B, 55, 10, 39, 7D, 14, 74, 0B, 3B, D7, 75, 07, 33, C0, 66, 89, 03, EB, D2, 6A, 02, 8B, C3, 89, 4D, FC, 5E, 66, 39, 38, 74, 07, 03, C6, FF, 4D, FC, 75, F4, 39, 7D, FC, 74, E0, 83...
 
[+]

Code size:
427 KB (437,248 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to i0-h0-s4.p0-gig.cdngp.net  (174.35.87.69:80)

TCP (HTTP):
Connects to i0-h0-s1.p0-gig.cdngp.net  (174.35.87.66:80)

TCP (HTTP):
Connects to i0-h0-s3.p0-gig.cdngp.net  (174.35.87.68:80)

TCP (HTTP):
Connects to i0-h0-s2.p0-gig.cdngp.net  (174.35.87.67:80)

TCP (HTTP):
Connects to i0-h0-s5.p0-gig.cdngp.net  (174.35.87.70:80)

TCP (HTTP):
Connects to ec2-52-200-118-41.compute-1.amazonaws.com  (52.200.118.41:80)

TCP (HTTP):
Connects to ec2-52-72-29-94.compute-1.amazonaws.com  (52.72.29.94:80)

TCP (HTTP):
Connects to i0-h0-s1057.p0-mia.cdngp.net  (174.35.36.90:80)

TCP (HTTP):
Connects to i0-h0-s1044.p0-mia.cdngp.net  (174.35.36.77:80)

TCP (HTTP):
Connects to ec2-54-236-119-173.compute-1.amazonaws.com  (54.236.119.173:80)

TCP (HTTP):
Connects to ec2-52-20-77-77.compute-1.amazonaws.com  (52.20.77.77:80)

TCP (HTTP):
Connects to ec2-52-204-49-223.compute-1.amazonaws.com  (52.204.49.223:80)

TCP (HTTP):
Connects to dns.technobox.com.br  (201.21.193.144:80)

TCP (HTTP):
Connects to unallocated.barefruit.co.uk  (92.242.140.20:80)

TCP (HTTP):
Connects to ip-172-20-1-2.ec2.internal  (172.20.1.2:80)

TCP (HTTP):
Connects to i0-h0-s2132.p9-jfk.cdngp.net  (174.35.76.28:80)

TCP (HTTP):
Connects to i0-h0-s2049.p9-jfk.cdngp.net  (174.35.73.135:80)

TCP (HTTP):
Connects to i0-h0-s2011.p9-jfk.cdngp.net  (174.35.73.80:80)

TCP (HTTP):
Connects to i0-h0-s1060.p0-mia.cdngp.net  (174.35.36.93:80)

TCP (HTTP):
Connects to i0-h0-s1059.p0-mia.cdngp.net  (174.35.36.92:80)

Remove desktoptoolmini_global_br.exe - Powered by Reason Core Security