gestalt.exe

Gestalt

The application gestalt.exe has been detected as a potentially unwanted program by 2 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler, named 21096345, which is triggered to execute each time a user logs in. While running, it connects to the Internet address cdce.mia005.internap.com on port 80 using the HTTP protocol.
Publisher:
Gestalt

Product:
Gestalt

Version:
1.5.3.199

MD5:
bf1be5e5cc497f42a12e70c3c942b20d

SHA-1:
bb291acac13cfbb4f291ba646716ddcbfb6dd816

SHA-256:
1e2c0a451f0453e98ce42e0c5c9fe9292bb24496ce378870bf09e293ef7f25a0

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 4:28:03 AM UTC

Scan engine         Detection                           Engine version
ESET NOD32          MSIL/Adware.Dotdo.AP application    6.3.12010.0
Reason Heuristics   Adware.Dotdo.ET (M)                 17.1.17.2

File size:
8.5 KB (8,704 bytes)

Product version:
1.5.3.199

Copyright:
Copyright © Gestalt 2017

Trademarks:
© 2017 Gestalt

Original file name:
gestalt.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\imprimatur\gestalt.exe

File PE Metadata
Compilation timestamp:
1/16/2017 11:12:31 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

Entry address:
0x36CE

Entry point:
FF, 25, 00, 20, 40, 00, followed by 00 (zero padding) for the remainder of the captured bytes...
(FF 25 00 20 40 00 decodes to jmp dword ptr [0x00402000], the standard native stub that transfers control to the CLR through mscoree, consistent with the .NET CLR dependency noted above.)

Entropy:
4.3561

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
6 KB (6,144 bytes)

Scheduled Task
Task name:
21096345

Trigger:
Logon (Runs on logon)

Description:
2109634521096345


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):      static.hosted-by.miamidedicated.com  (162.222.193.17:80)
TCP (HTTP):      hosted-by.instantdedicated.com  (188.95.50.62:80)
TCP (HTTP):      cdce.mia005.internap.com  (66.151.47.235:80)
TCP (HTTP):      installer1.monetizus.com  (46.101.124.23:80)
TCP (HTTP):      lb-web.ustream.tv  (199.66.238.212:80)
TCP (HTTP):      162-254-148-148.static.hvvc.us  (162.254.148.148:80)
TCP (HTTP):      static-35-212-205-209.24shells.net  (209.205.212.35:80)
TCP (HTTP):      static-122-212-205-209.24shells.net  (209.205.212.122:80)
TCP (HTTP):      server-52-85-35-40.mia50.r.cloudfront.net  (52.85.35.40:80)
TCP (HTTP SSL):  server-52-85-35-233.mia50.r.cloudfront.net  (52.85.35.233:443)
TCP (HTTP):      server-52-85-35-100.mia50.r.cloudfront.net  (52.85.35.100:80)
TCP (HTTP):      server-52-84-132-203.atl52.r.cloudfront.net  (52.84.132.203:80)
TCP (HTTP):      map2.hwcdn.net  (205.185.216.10:80)
TCP (HTTP):      i1-h0-s1001.p0-mia.cdngp.net  (174.35.37.6:80)
TCP (HTTP):      ec2-54-236-93-11.compute-1.amazonaws.com  (54.236.93.11:80)
TCP (HTTP):      ec2-54-174-71-94.compute-1.amazonaws.com  (54.174.71.94:80)
TCP (HTTP):      ec2-52-90-122-74.compute-1.amazonaws.com  (52.90.122.74:80)
TCP (HTTP):      ec2-52-86-123-247.compute-1.amazonaws.com  (52.86.123.247:80)
TCP (HTTP):      ec2-52-73-50-55.compute-1.amazonaws.com  (52.73.50.55:80)
TCP (HTTP):      ec2-52-6-110-100.compute-1.amazonaws.com  (52.6.110.100:80)

Powered by Reason Core Security