DonutLeadsService.exe

DonutLeadsService

The application DonutLeadsService.exe has been detected as a potentially unwanted program by 3 anti-malware scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 8800 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host. This file is typically installed with the program DonutQuotes by DonutLeads.
Product:
DonutLeadsService

Version:
1.4.1.0

MD5:
f6c8dc15d8761a0a51f729c96277d1d0

SHA-1:
c15c37130f66d613819b903110b7b3ff87344e24

SHA-256:
4b38dbdec40749828b7056007b3a09d07e998049b9be2df9dad1d5961bb20c3d

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
12/23/2024 1:44:02 PM UTC

Scan engine          Detection                    Engine version
IKARUS anti.virus    PUA.Downloader               t3scan.1.7.8.0
Malwarebytes         PUP.Optional.DonutLeads.A    v2014.10.29.05
Reason Heuristics    PUP.Sendori.Leads (M)        16.3.23.21

File size:
370 KB (378,880 bytes)

Product version:
1.4.1.0

Copyright:
Copyright © 2014

Original file name:
DonutLeadsService.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\donutleads\donutleadsservice.exe

File PE Metadata
Compilation timestamp:
10/26/2014 6:42:44 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:R5kutnojq/NM9cu45k468SQ1Drd5fc1AJc9wc/8T1wJSCbkIZra6TuHS2RmaNd9f:Lt8cux468tSWCazL+9Ems

Entry address:
0x5DDEE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 10, 00, 00, 00, 20, 00, 00, 80, 18, 00, 00, 00, 38, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 50, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 68, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
5.7279

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
367.5 KB (376,320 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:8800/

Local host port:
8800

Default credentials:
No


The file DonutLeadsService.exe has been discovered within the following program.

DonutQuotes  by DonutLeads
About 7% of users remove it
 

The executing file has been seen to make the following network communications in live environments.

