home

easyredirect.exe

EasyRedirect.exe

Edelino Commerce Inc.

The executable easyredirect.exe has been detected as malware by 3 anti-virus scanners. It runs as a separate (within the context of its own process) windows Service named “EasyRedirect”.
Publisher:
EasyTech  (signed by Edelino Commerce Inc.)

Product:
EasyRedirect.exe

Version:
2.3.3.0

MD5:
17df12b3f8715ba4d3cfdd00e19e194c

SHA-1:
99281682eac1a7b2df1fda0be98f6f0f3ab88d95

SHA-256:
31bc39f15b80a2cdcaaa4f724c9c89f219f6647b832b6ea0895843de53fcc7e3

Scanner detections:
3 / 68

Status:
Malware

Analysis date:
12/27/2024 2:18:24 AM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
Win32/Floxif.H virus
6.3.12010.0

F-Prot
W32/Floxif.B
4.6.5.141

F-Secure
Win32.Floxif.A
5.15.154

File size:
4.2 MB (4,389,541 bytes)

Product version:
2.3.3.0

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\easy-hide-ip vpn\rdr\easyredirect.exe

Digital Signature
Signed by:
Edelino Commerce Inc.

Authority:
GoDaddy.com, Inc.

Valid from:
2/3/2016 2:50:38 AM

Valid to:
2/3/2019 2:50:38 AM

Subject:
CN=Edelino Commerce Inc., O=Edelino Commerce Inc., L=Mahe, C=SC

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
51EFA2F8848710F3

File PE Metadata
Compilation timestamp:
2/23/2015 3:02:42 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

Entry address:
0x1A00BC

Entry point:
E9, 08, 61, FF, FF, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 6A, 0A, 6A, 00, FF, 75, 08, E8, 1F, 58, 01, 00, 83, C4, 0C, 5D, C3, 8B, FF, 55, 8B, EC, FF, 75, 0C, 6A, 0A, 6A, 00, FF, 75, 08, E8, 31, 58, 01, 00, 83, C4, 10, 5D, C3, 8B, FF, 55, 8B, EC, 5D, E9, C6, FF, FF, FF, 8B, FF, 55, 8B, EC, 5D, E9, D1, FF, FF, FF, 8B, FF, 55, 8B, EC, 6A, 0A, 6A, 00, FF, 75, 08, E8, 1F, 5B, 01, 00, 83, C4, 0C, 5D, C3, 8B, FF, 55, 8B, EC, FF, 75, 0C, 6A, 0A, 6A, 00, FF, 75, 08, E8, 31, 5B, 01, 00, 83, C4, 10, 5D, C3, 8B, FF...
 
[+]

Entropy:
5.9688

Packer / compiler:
tElock 0.99 - 1.0 private

Code size:
3.3 MB (3,475,456 bytes)

Service
Display name:
EasyRedirect

Description:
EasyRedirect Redirector service

Type:
Win32OwnProcess

Depends on:
RPCSS


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to a72-247-178-27.deploy.akamaitechnologies.com  (72.247.178.27:80)

TCP (HTTP):
Connects to a-0003.a-msedge.net  (204.79.197.203:80)

TCP (HTTP):
Connects to dmppixel-shared-mtc-c.evip.aol.com  (64.12.245.38:80)

TCP (HTTP):
Connects to a23-66-21-99.deploy.static.akamaitechnologies.com  (23.66.21.99:80)

TCP (HTTP):
Connects to a23-201-255-9.deploy.static.akamaitechnologies.com  (23.201.255.9:80)

TCP (HTTP):
Connects to 186.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net  (185.33.220.197:80)

TCP (HTTP):
Connects to ox-173-241-248-143.xf.dc.openx.org  (173.241.248.143:80)

TCP (HTTP):
Connects to oneads-atatwola-adtech-scd-blue-b.evip.aol.com  (152.163.20.131:80)

TCP (HTTP SSL):
Connects to ec2-79-125-113-201.eu-west-1.compute.amazonaws.com  (79.125.113.201:443)

TCP (HTTP):
Connects to ec2-79-125-113-188.eu-west-1.compute.amazonaws.com  (79.125.113.188:80)

TCP (HTTP SSL):
Connects to ec2-54-247-73-98.eu-west-1.compute.amazonaws.com  (54.247.73.98:443)

TCP (HTTP):
Connects to ec2-52-59-65-103.eu-central-1.compute.amazonaws.com  (52.59.65.103:80)

TCP (HTTP):
Connects to ec2-52-57-198-59.eu-central-1.compute.amazonaws.com  (52.57.198.59:80)

TCP (HTTP):
Connects to ec2-52-29-215-104.eu-central-1.compute.amazonaws.com  (52.29.215.104:80)

TCP (HTTP):
Connects to ec2-52-26-154-197.us-west-2.compute.amazonaws.com  (52.26.154.197:80)

TCP (HTTP):
Connects to ec2-46-137-74-128.eu-west-1.compute.amazonaws.com  (46.137.74.128:80)

TCP (HTTP):
Connects to dis.criteo.com  (178.250.2.76:80)

TCP (HTTP):
Connects to a92-122-181-191.deploy.akamaitechnologies.com  (92.122.181.191:80)

TCP (HTTP):
Connects to a88-221-70-115.deploy.akamaitechnologies.com  (88.221.70.115:80)

TCP (HTTP):
Connects to a72-247-178-186.deploy.akamaitechnologies.com  (72.247.178.186:80)

Remove easyredirect.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.