encyclopedias.exe

abc

The application encyclopedias.exe has been detected as a potentially unwanted program (adware, family Dotdo) by 2 of 68 anti-malware scanners. It persists as a Windows Task Scheduler task named 19405391 that is triggered each time a user logs on. While running, it connects to static.hosted-by.miamidedicated.com (162.222.193.86) on TCP port 80 using plain HTTP, in addition to the other hosts listed under network communications below.
Product:
abc

Version:
1.0.0.0

MD5:
c94d4e4774556966af1c79361e3fe222

SHA-1:
9d0297b1440f4f4e3e1f0154cf5a182212174cb9

SHA-256:
689752976e1ae6b1975bc7857f9c252a20423cd6e4ecbd15599a28de7603794d

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
11/5/2024 10:44:33 PM UTC

Scan engine:
ESET NOD32
Detection:
MSIL/Adware.Dotdo.AP application
Engine version:
6.3.12010.0

Scan engine:
Reason Heuristics
Detection:
Adware.Dotdo.ET (M)
Engine version:
17.1.2.21

File size:
10.5 KB (10,752 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2016

Original file name:
encyclopedias.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\encyclopedias.exe

File PE Metadata
Compilation timestamp:
12/31/2016 10:00:22 AM

OS version (minimum, from the PE optional header):
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

Entry address:
0x3F9E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 10, 00, 00, 00, 20, 00, 00, 80, 18, 00, 00, 00, 38, 00...

The first six bytes, FF 25 00 20 40 00, decode to jmp dword ptr [0x00402000]: the standard six-byte stub at the entry point of a 32-bit .NET executable, which jumps through an import address table slot to mscoree!_CorExeMain so the CLR can load the managed code. This matches the ".NET CLR dependent: Yes" field. The bytes that follow are not part of the stub.

Entropy:
4.3149

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
8 KB (8,192 bytes)
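To show what the PE metadata above means in practice, here is an added example (not from this page and not Reason Core Security's code) that parses the page's comma-separated entry-point dump, recognises the 32-bit .NET loader stub, and computes byte entropy the way the Entropy field is normally computed. The image base 0x00400000 is an assumption, since the page does not state it; it is consistent with the jump target 0x00402000 landing at RVA 0x2000, where the C# toolchain places the import address table at the start of .text.

```python
"""Decode the entry-point stub and compute byte entropy for a PE sample.

Added example. ENTRY_DUMP is copied from this page's "Entry point" field
(the page truncates it with "..."; only the first six bytes matter for
the decode). IMAGE_BASE is an assumption, not a value from the page.
"""
import math
import struct

# First 16 bytes of the page's entry-point dump.
ENTRY_DUMP = "FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00"

# "Entry address" from the page (an RVA).
ENTRY_RVA = 0x3F9E
# Assumed: default image base of 32-bit .NET executables; consistent with
# the stub's jump target 0x00402000 being RVA 0x2000 (start of .text).
IMAGE_BASE = 0x00400000


def parse_hex_dump(text: str) -> bytes:
    """Turn 'FF, 25, 00, ...' into bytes, tolerating a trailing '...'."""
    tokens = [t.strip() for t in text.replace("...", "").split(",")]
    return bytes(int(t, 16) for t in tokens if t)


def decode_entry_stub(code: bytes) -> dict:
    """Recognise FF 25 imm32 = jmp dword ptr [imm32], the .NET loader stub.

    The imm32 is the absolute address of the IAT slot the Windows loader
    fills with mscoree!_CorExeMain; the stub jumps there and the CLR then
    takes over. Anything else at the entry point is not this stub.
    """
    if len(code) < 6 or code[0:2] != b"\xFF\x25":
        return {"is_dotnet_stub": False}
    target = struct.unpack_from("<I", code, 2)[0]
    return {
        "is_dotnet_stub": True,
        "mnemonic": "jmp dword ptr [0x%08X]" % target,
        "iat_slot_va": target,
        "iat_slot_rva": target - IMAGE_BASE,
    }


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 .. 8.0).

    The page's 4.3149 figure is this measure over the whole 10,752-byte
    file; values above roughly 7 usually indicate packing or encryption,
    which this sample does not show.
    """
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


if __name__ == "__main__":
    stub = parse_hex_dump(ENTRY_DUMP)
    print(decode_entry_stub(stub))
    print("entry VA 0x%08X" % (IMAGE_BASE + ENTRY_RVA))
    print("entropy of the dumped bytes: %.4f" % shannon_entropy(stub))
```

The entry RVA 0x3F9E sits at the very end of the 8,192-byte code section, which is where the compiler places this stub after the managed metadata; a native entry point elsewhere, or opcodes other than FF 25, would be the first hint that the file is not a plain compiler-produced .NET image.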

Scheduled Task
Task name:
19405391

Trigger:
Logon (Runs on logon)

Description:
1940539119405391


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to static.hosted-by.miamidedicated.com  (162.222.193.86:80)

TCP (HTTP SSL):
Connects to 57.247.178.107.bc.googleusercontent.com  (107.178.247.57:443)

TCP (HTTP SSL):
Connects to server-54-192-83-166.mia50.r.cloudfront.net  (54.192.83.166:443)

TCP (HTTP):
Connects to ec2-54-89-17-130.compute-1.amazonaws.com  (54.89.17.130:80)

TCP (HTTP):
Connects to ec2-52-87-22-166.compute-1.amazonaws.com  (52.87.22.166:80)

TCP (HTTP):
Connects to ec2-52-14-55-205.us-east-2.compute.amazonaws.com  (52.14.55.205:80)

TCP (HTTP):
Connects to hosted-by.instantdedicated.com  (188.95.50.96:80)

TCP (HTTP):
Connects to server-54-192-83-164.mia50.r.cloudfront.net  (54.192.83.164:80)

TCP (HTTP):
Connects to ec2-52-86-129-112.compute-1.amazonaws.com  (52.86.129.112:80)

TCP (HTTP):
Connects to ec2-52-72-224-189.compute-1.amazonaws.com  (52.72.224.189:80)

TCP (HTTP):
Connects to ec2-52-7-160-24.compute-1.amazonaws.com  (52.7.160.24:80)

TCP (HTTP):
Connects to ec2-52-45-44-149.compute-1.amazonaws.com  (52.45.44.149:80)

TCP (HTTP):
Connects to ec2-52-20-128-160.compute-1.amazonaws.com  (52.20.128.160:80)

TCP (HTTP SSL):
Connects to ec2-52-15-39-8.us-east-2.compute.amazonaws.com  (52.15.39.8:443)

TCP (HTTP):
Connects to ec2-34-194-39-225.compute-1.amazonaws.com  (34.194.39.225:80)

TCP (HTTP):
Connects to 198-178-124-244.static.hvvc.us  (198.178.124.244:80)

TCP (HTTP):
Connects to 162-220-57-41.static.hvvc.us  (162.220.57.41:80)

TCP (HTTP):
Connects to 108-61-16-189.constant.com  (108.61.16.189:80)

TCP (HTTP):
Connects to pr-bh.pbp.vip.bf1.yahoo.com  (72.30.2.182:80)

TCP (HTTP):
Connects to lga-delivery-7.sys.adgear.com  (173.231.178.115:80)
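The scheduled-task and network sections above contain what a defender needs to hunt for this sample. The following is an added example (not the page's or Reason Core Security's code) that runs those indicators over a handful of constructed key=value log lines. The log format, the event numbers (Windows Security 4698 for task creation, Sysmon-style 1 and 3 for process creation and network connection) and the confidence tiering are assumptions for illustration. The tiering matters: most of the listed addresses are AWS, CloudFront, Google Cloud, Yahoo and adgear ranges shared by countless legitimate sites, so a connection to them is only meaningful when the source image is the sample itself.

```python
"""Hunt for this sample's indicators in host and network telemetry.

Added example. Hashes, task name, drop path and addresses are copied
from this page; SAMPLE_LOGS and the key=value format are constructed,
and the high/shared split of the addresses is an assumption.
"""
import re

# Indicators copied from the page.
HASHES = {
    "c94d4e4774556966af1c79361e3fe222",                                   # MD5
    "9d0297b1440f4f4e3e1f0154cf5a182212174cb9",                           # SHA-1
    "689752976e1ae6b1975bc7857f9c252a20423cd6e4ecbd15599a28de7603794d",   # SHA-256
}
TASK_NAME = "19405391"
# Common path on the page is C:\users\{user}\appdata\local\encyclopedias.exe
DROP_PATH = re.compile(r"^c:\\users\\[^\\]+\\appdata\\local\\encyclopedias\.exe$", re.I)

# Assumed tiering (not stated on the page): dedicated-hosting addresses are
# specific enough to alert on alone; cloud / CDN / ad-network addresses are
# shared infrastructure and only count when the connecting image is the sample.
HIGH_CONF_IPS = {"162.222.193.86", "188.95.50.96", "198.178.124.244",
                 "162.220.57.41", "108.61.16.189"}
SHARED_IPS = {"107.178.247.57", "54.192.83.166", "54.192.83.164", "54.89.17.130",
              "52.87.22.166", "52.14.55.205", "52.86.129.112", "52.72.224.189",
              "52.7.160.24", "52.45.44.149", "52.20.128.160", "52.15.39.8",
              "34.194.39.225", "72.30.2.182", "173.231.178.115"}

KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line: str) -> dict:
    """key=value tokens; a quoted value may contain spaces."""
    return {k: v.strip('"') for k, v in KV.findall(line)}


def is_sample_image(path: str) -> bool:
    """True when the path is the sample's per-user drop location."""
    return bool(DROP_PATH.match(path))


def check_event(ev: dict) -> list:
    """Return (severity, reason) findings for one parsed event."""
    hits = []
    image = ev.get("image") or ev.get("action") or ""
    if is_sample_image(image):
        hits.append(("high", "executable at the sample's drop path"))
    if any(ev.get(k) in HASHES for k in ("md5", "sha1", "sha256")):
        hits.append(("high", "file hash matches the sample"))
    if ev.get("task", "").lstrip("\\") == TASK_NAME and ev.get("trigger", "").lower() == "logon":
        hits.append(("high", "logon-triggered scheduled task " + TASK_NAME))
    dst = ev.get("dst")
    if dst in HIGH_CONF_IPS:
        hits.append(("high", "connection to dedicated host " + dst))
    elif dst in SHARED_IPS and is_sample_image(image):
        hits.append(("medium", "sample contacted shared infrastructure " + dst))
    return hits


def scan(lines) -> list:
    """Run each line through check_event; returns (line_no, severity, reason)."""
    findings = []
    for n, line in enumerate(lines, 1):
        for sev, why in check_event(parse_line(line)):
            findings.append((n, sev, why))
    return findings


# Constructed telemetry, not real logs.
SAMPLE_LOGS = [
    r'evt=4698 user=alice task=\19405391 trigger=logon action=C:\Users\alice\AppData\Local\encyclopedias.exe',
    r'evt=1 image=C:\Users\alice\AppData\Local\encyclopedias.exe sha256=689752976e1ae6b1975bc7857f9c252a20423cd6e4ecbd15599a28de7603794d',
    r'evt=3 image=C:\Users\alice\AppData\Local\encyclopedias.exe dst=162.222.193.86 dport=80',
    r'evt=3 image=C:\Users\alice\AppData\Local\encyclopedias.exe dst=54.192.83.166 dport=443',
    r'evt=3 image="C:\Program Files\Mozilla Firefox\firefox.exe" dst=54.192.83.166 dport=443',
    r'evt=1 image=C:\Windows\System32\notepad.exe sha256=0000000000000000000000000000000000000000000000000000000000000000',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOGS):
        print(finding)
```

The browser's connection to the CloudFront address in the fifth line produces no finding, which is the intended behaviour: alerting on the shared ranges by themselves would page an analyst for ordinary web traffic. For removal, the task named 19405391 must be deleted as well as the file, since the logon trigger would otherwise re-launch a restored copy.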

Remove encyclopedias.exe - Powered by Reason Core Security