editions.exe

Editions

The application editions.exe has been detected as a potentially unwanted program by 2 anti-malware scanners. It runs as a Windows Task Scheduler task named 25079422, which is triggered each time a user logs in.

Publisher:
Editions

Product:
Editions

Version:
6.9.2.83

MD5:
5043afda9290016e7f8c1735bc6848fa

SHA-1:
8ea600867283135d223c6b120ade3c77cd1b2cbd

SHA-256:
0919e9a5ce60db4d5dfc804e5ae4ef957a90160cc498d33dc7075259d0098cbd

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 12:10:13 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| ESET NOD32 | MSIL/Adware.Dotdo.AP application | 6.3.12010.0 |
| Reason Heuristics | Adware.Dotdo.ET (M) | 17.2.4.20 |

File size:
10.5 KB (10,752 bytes)

Product version:
6.9.2.83

Copyright:
Copyright © Editions 2017

Trademarks:
© 2017 Editions

Original file name:
editions.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\roomie\editions.exe

File PE Metadata
Compilation timestamp:
2/3/2017 9:14:05 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

Entry address:
0x3D4E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
4.1240

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
7.5 KB (7,680 bytes)

Scheduled Task
Task name:
25079422

Trigger:
Logon (Runs on logon)

Description:
2507942225079422


The executing file has been seen to make the following network communications in live environments.

