ground.exe

The application ground.exe was flagged as a potentially unwanted program by 1 of 68 anti-malware engines, on a heuristic detection (Adware.Downloader). A single heuristic hit is weak evidence on its own; the stronger signal is the file's behaviour: while running it makes outbound HTTP connections on TCP port 80, including to apache2-yak.zarniwoop.dreamhost.com (the full list of observed connections is given further down).
MD5:
955408ad3e7a1ef6345142ad6b4b4906

SHA-1:
e13100f2e2b6ed6b083943bfe687917c00d3d9d7

SHA-256:
13c072086d460970631ecdda5b36493c65a4a942ca6b66183374e5a2a4d11b57

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/27/2024 6:17:37 AM UTC

Scan engine          Detection               Engine version
Reason Heuristics    Adware.Downloader (M)   17.2.7.15

File size:
629.5 KB (644,608 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\ground.exe

File PE Metadata
Compilation timestamp:
7/30/1998 4:08:28 PM (as written in the PE header TimeDateStamp field; the value is attacker-controlled and is not evidence of when the file was actually built)

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x930E4

Entry point (first bytes at the entry address, truncated):
0F, BF, FA, 84, F0, B9, 58, 88, A4, 9B, EB, 08, 10, ED, 69, EF, CE, 0E, AD, A6, 85, EF, 72, 04, 3C, 21, 13, F9, 87, C9, 11, D3, 0F, BE, EF, 2B, D2, 71, 02, 8B, C2, 69, FB, B1, 5E, B3, 41, F2, 08, DD, 25, 58, 56, 64, BA, 84, C2, 81, C2, C2, 0A, 00, 00, FE, CD, 69, EF, B2, 98, E5, A2, 80, E3, E8, 81, EA, C1, 0A, 00, 00, 09, D5, 09, FE, 69, CD, 40, 4E, B1, 44, 24, 97, F3, 1A, DE, 81, FA, 46, 03, 00, 00, 0F, 8C, BA, FF, FF, FF, C6, C1, 7E, 87, F5, 80, D0, 81, 55, 87, FB, E8, 25, 00, 00, 00, 2D, 4E, 18, F1, 83...

Entropy:
6.8939 (Shannon entropy in bits per byte, on a 0 to 8 scale; a whole-file value this close to 8 usually indicates compressed or packed content)

Code size:
451 KB (461,824 bytes)
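
Every field in the PE metadata block above (compilation timestamp, OS version, bitness, subsystem, linker version, entry address, code size) is read straight from the COFF file header and the PE32 optional header, and entropy is Shannon entropy over the file bytes, so all of it can be reproduced with the standard library. The following is an added example, not code from this page or from Reason Core Security: it parses those fields from raw bytes, computes entropy, and flags a TimeDateStamp that cannot be taken at face value (zero, in the future, or far older than the analysis date). The sample header it builds is constructed to carry the values reported above and is not ground.exe; the 15-year plausibility window is an assumption.

```python
"""Read the PE header fields listed in the report, using only the standard library.

Added example, not code from this page or from Reason Core Security. The sample
header built by build_sample_pe() is constructed to carry the report's values;
it is not ground.exe.
"""
import math
import struct
from collections import Counter
from datetime import datetime, timezone

SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}

# Values from the report (compilation timestamp and analysis date as epoch seconds).
REPORT_TIMESTAMP = int(datetime(1998, 7, 30, 16, 8, 28, tzinfo=timezone.utc).timestamp())
ANALYSIS_TIMESTAMP = int(datetime(2024, 12, 27, 6, 17, 37, tzinfo=timezone.utc).timestamp())


def parse_pe_header(data: bytes) -> dict:
    """Return the COFF/optional-header fields a scanner report lists (PE32 only)."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _machine, _nsect, timestamp, _, _, _opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, lnk_major, lnk_minor, size_of_code = struct.unpack_from("<HBBI", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 (Win32) optional headers are handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]        # AddressOfEntryPoint
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)  # Major/MinorOperatingSystemVersion
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]         # Subsystem
    return {
        "compile_ts": timestamp,
        "compile_time": datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC"),
        "os_version": f"{os_major}.{os_minor}",
        "bitness": "Win32",
        "subsystem": SUBSYSTEMS.get(subsystem, f"unknown ({subsystem})"),
        "linker_version": f"{lnk_major}.{lnk_minor}",
        "entry_rva": entry_rva,
        "code_size": size_of_code,
    }


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 to 8.0; packed or encrypted data sits close to 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def timestamp_plausible(compile_ts: int, seen_ts: int, max_age_years: int = 15) -> bool:
    """TimeDateStamp is attacker-controlled. Treat it as implausible when it is zero,
    in the future, or older than max_age_years (threshold is an assumption) relative
    to when the sample was first seen."""
    return 0 < compile_ts <= seen_ts and seen_ts - compile_ts < max_age_years * 365 * 86400


def build_sample_pe(timestamp: int) -> bytes:
    """Constructed minimal PE32 header carrying the report's values; not ground.exe."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                   # e_lfanew: NT headers at 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 3, timestamp, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<HBBI", opt, 0, 0x10B, 2, 25, 461824)  # PE32, linker 2.25, SizeOfCode
    struct.pack_into("<I", opt, 16, 0x930E4)                  # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)                 # ImageBase
    struct.pack_into("<HH", opt, 40, 4, 0)                    # OS version 4.0
    struct.pack_into("<H", opt, 68, 2)                        # Subsystem 2 = Windows GUI
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


def triage(data: bytes, seen_ts: int = ANALYSIS_TIMESTAMP) -> dict:
    """Header fields plus the two first-pass checks: entropy and timestamp plausibility."""
    info = parse_pe_header(data)
    info["entropy"] = round(shannon_entropy(data), 4)
    info["timestamp_plausible"] = timestamp_plausible(info["compile_ts"], seen_ts)
    return info


if __name__ == "__main__":
    for k, v in triage(build_sample_pe(REPORT_TIMESTAMP)).items():
        print(f"{k}: {v:#x}" if k == "entry_rva" else f"{k}: {v}")
```

Run against a real file with `triage(open(path, "rb").read())`; the parser deliberately rejects PE32+ (64-bit) images, whose optional header has different offsets from ImageBase onward, rather than returning wrong values.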

While running, the file has been observed making the following network connections in live environments (all plain HTTP on TCP port 80):

TCP (HTTP):
Connects to apache2-yak.zarniwoop.dreamhost.com  (173.236.154.78:80)

TCP (HTTP):
Connects to win04-host-kb.turkticaret.net  (31.186.8.104:80)

TCP (HTTP):
Connects to windows12.internetbilisim.net  (185.126.217.250:80)

TCP (HTTP):
Connects to server123.managedns.org  (103.14.97.123:80)

TCP (HTTP):
Connects to neptune.corpservers.net  (63.247.87.162:80)
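
The five hostnames and addresses above, together with the three hashes and the common path at the top of the page, are the indicators a defender can hunt with. Several of the hostnames look like hosting providers' default server names (apache2-yak.zarniwoop.dreamhost.com, for one), so the IPs are probably shared with unrelated sites: match on the hostname and treat an IP-only hit as a lead to investigate, not a verdict. The following is an added example, not code from this page or from Reason Core Security, that runs those indicators over proxy log lines, file digests and file paths. The log layout and the log lines are constructed for the example; the hostnames, IPs, hashes and path are the ones listed on this page.

```python
"""Hunt for the report's indicators in proxy logs, file hashes and file paths.

Added example, not code from this page or from Reason Core Security. The log
format and log lines are constructed; the indicators are the ones on the page.
"""
import hashlib
import re
from urllib.parse import urlsplit

IOC_HOSTS = {
    "apache2-yak.zarniwoop.dreamhost.com",
    "win04-host-kb.turkticaret.net",
    "windows12.internetbilisim.net",
    "server123.managedns.org",
    "neptune.corpservers.net",
}
IOC_IPS = {"173.236.154.78", "31.186.8.104", "185.126.217.250", "103.14.97.123", "63.247.87.162"}
IOC_HASHES = {  # md5, sha1, sha256 of ground.exe as reported
    "955408ad3e7a1ef6345142ad6b4b4906",
    "e13100f2e2b6ed6b083943bfe687917c00d3d9d7",
    "13c072086d460970631ecdda5b36493c65a4a942ca6b66183374e5a2a4d11b57",
}
# Reported common path: C:\users\{user}\appdata\roaming\ground.exe (any user, case-insensitive)
COMMON_PATH_RE = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\roaming\\ground\.exe$", re.IGNORECASE)

# Assumed proxy log layout: "<time> <src host> <method> <url> <dst ip>:<port>". Lines are constructed.
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>\S+) (?P<url>\S+) (?P<dst>[\d.]+):(?P<port>\d+)$")
SAMPLE_PROXY_LOG = """\
2024-12-27T06:18:02Z WS-042 GET http://apache2-yak.zarniwoop.dreamhost.com/upd/check.php 173.236.154.78:80
2024-12-27T06:18:03Z WS-042 GET http://www.example.com/ 203.0.113.10:80
2024-12-27T06:18:09Z WS-042 POST http://server123.managedns.org/gate 103.14.97.123:80
2024-12-27T06:19:40Z WS-017 GET http://63.247.87.162/ping 63.247.87.162:80
"""


def match_proxy_log(text: str) -> list:
    """Return one hit per log line whose hostname or destination IP is an indicator.
    A hostname match is the strong signal; an IP-only match may be shared hosting."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than silently match
        host = (urlsplit(m["url"]).hostname or "").lower()
        matched_on = []
        if host in IOC_HOSTS:
            matched_on.append("host")
        if m["dst"] in IOC_IPS:
            matched_on.append("ip")
        if matched_on:
            hits.append({"ts": m["ts"], "src": m["src"], "host": host,
                         "dst": m["dst"], "matched_on": matched_on})
    return hits


def hash_matches(data: bytes) -> dict:
    """Digests of data that equal a reported hash, keyed by algorithm."""
    digests = {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}
    return {alg: d for alg, d in digests.items() if d in IOC_HASHES}


def in_reported_path(path: str) -> bool:
    """True when a file path matches the report's common drop location."""
    return COMMON_PATH_RE.match(path) is not None


if __name__ == "__main__":
    for hit in match_proxy_log(SAMPLE_PROXY_LOG):
        print(hit)
    print(hash_matches(b"sample bytes"), in_reported_path(r"C:\Users\alice\AppData\Roaming\ground.exe"))
```

On the constructed lines the first and third hits match on both hostname and IP, while the fourth matches on IP alone and should be checked for shared hosting before any blocking decision; a file with a matching hash or sitting at the reported path is the higher-confidence host-side indicator.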

Remove ground.exe - Powered by Reason Core Security