foufb.exe

Cloud

Cloud Company

The executable foufb.exe has been detected as malware by 1 anti-virus scanner. It runs as a scheduled task under the Windows Task Scheduler triggered daily at a specified time.
Publisher:
Cloud Company

Product:
Cloud

Description:
Cloud Solution

Version:
0.0.0.1

MD5:
81047e8246bfd6cc03406057d70f5ecd

SHA-1:
ab1a1f921a34f28941b5158cc6545654f950ccb4

SHA-256:
5a70cfb03a3b16eb8172f6b19b769af6bd540c2694e90ed650aac01e9e499e5b

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
12/24/2024 4:41:25 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Trojan.Downloader (M)
16.8.10.12

File size:
274 KB (280,576 bytes)

Product version:
0.0.0.1

Copyright:
Copyright (C) 2014

Original file name:
Mission

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\utqeveba\foufb.exe

File PE Metadata
Compilation timestamp:
1/27/1979 6:25:53 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:2YQ2cMJ4y/bx/Kb4ZPMf2MSpdj/5wFhyy:hImbx/64ZPM+75Cy

Entry address:
0x69FF

Entry point:
55, 8B, EC, 51, 68, 2C, 01, 00, 00, 68, D0, AD, 40, 00, FF, 15, 73, 6B, 40, 00, 68, 98, 9D, 40, 00, FF, 15, 63, 6B, 40, 00, 85, C0, 74, 28, 68, A0, 9D, 40, 00, FF, 15, 93, 6B, 40, 00, 85, C0, 74, 19, 68, B0, 9D, 40, 00, FF, 15, 87, 6B, 40, 00, 3D, 8A, 01, 00, 00, 74, 07, 33, C0, E9, 99, 00, 00, 00, 6A, 51, FF, 15, 8F, 6B, 40, 00, 85, C0, 74, ED, 68, BC, 9D, 40, 00, FF, 15, 8B, 6B, 40, 00, 80, 78, 03, 6E, 75, DC, 56, BE, 50, 03, 00, 00, 6A, 44, FF, 15, EF, 6B, 40, 00, 85, C0, 74, 08, 6A, 70, FF, 15, 9B, 6B...
 
[+]

Entropy:
7.7873

Developed / compiled with:
Microsoft Visual C++

Code size:
16.4 KB (16,834 bytes)

Scheduled Task
Task name:
Security Center Update - 1062479961

Trigger:
Daily (Runs daily at 11:00 AM)


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.spotxchange.com  (66.35.51.37:80)

TCP (HTTP SSL):
Connects to vip1.g.cachefly.net  (205.234.175.175:443)

TCP (HTTP):
Connects to sync-fastclick.vclk.akadns.net  (8.18.45.83:80)

TCP (HTTP):
Connects to sjc02-usadmm.dotomi.com  (66.151.150.249:80)

TCP (HTTP):
Connects to server-54-230-89-179.ind6.r.cloudfront.net  (54.230.89.179:80)

TCP (HTTP):
Connects to server-54-230-88-171.ind6.r.cloudfront.net  (54.230.88.171:80)

TCP:
Connects to server-205-251-254-81.ind6.r.cloudfront.net  (205.251.254.81:1935)

TCP:
Connects to server-204-246-180-99.ewr2.r.cloudfront.net  (204.246.180.99:1935)

TCP:
Connects to server-204-246-180-83.ewr2.r.cloudfront.net  (204.246.180.83:1935)

TCP (HTTP):
Connects to retarget.lc.dc.openx.org  (173.241.244.7:80)

TCP (HTTP SSL):
Connects to r-199-59-150-42.twttr.com  (199.59.150.42:443)

TCP (HTTP):
Connects to presentation-atl1.turn.com  (50.116.194.21:80)

TCP (HTTP):
Connects to ord08s08-in-f28.1e100.net  (74.125.225.124:80)

TCP (HTTP):
Connects to ord08s08-in-f13.1e100.net  (74.125.225.109:80)

TCP (HTTP SSL):
Connects to ord08s07-in-f27.1e100.net  (74.125.225.91:443)

TCP (HTTP):
Connects to ord08s07-in-f25.1e100.net  (74.125.225.89:80)

TCP (HTTP):
Connects to mpr2.ngd.vip.ne1.yahoo.com  (98.138.49.43:80)

TCP (HTTP):
Connects to mpr2.ngd.vip.bf1.yahoo.com  (98.139.225.43:80)

TCP (HTTP):
Connects to media.sj2.vcmedia.com  (64.156.167.95:80)

TCP (HTTP):
Connects to lh22141.voxility.net  (37.221.168.50:80)

Remove foufb.exe - Powered by Reason Core Security