hndclient.exe

HandyCafe Client

Ates Software

The executable hndclient.exe has been detected as malware by 8 anti-virus scanners. While running, it connects to the Internet address li502-78.members.linode.com on port 80 using the HTTP protocol.
Publisher:
Ates Software

Product:
HandyCafe Client

Version:
2.1.3.4

MD5:
12b8bbb7c7806b842cdbe0f5146bb185

SHA-1:
b55739ac000e82e2bec6f175f28f16f29a8262b8

SHA-256:
6d1c53c464cc2096a5cd982c005afb89c9e5b14f46616558347842bb970ab558

Scanner detections:
8 / 68

Status:
Malware

Analysis date:
12/28/2024 11:55:13 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Bkav FE | W32.Clodf58.Trojan | 1.3.0.4959 |
| Comodo Security | Heur.Suspicious | 20026 |
| Dr.Web | Trojan.StartPage.49139 | 9.0.1.060 |
| McAfee | Generic.dx!12B8BBB7C780 | 5600.6840 |
| NANO AntiVirus | Trojan.Win32.StartPage.dfpndf | 0.28.6.62995 |
| Norman | Malware | 11.20150301 |
| Rising Antivirus | PE:Trojan.Win32.Generic.15759F17!360029975 | 23.00.65.15227 |
| VIPRE Antivirus | Trojan-Downloader.Generic | 34618 |

File size:
650.5 KB (666,112 bytes)

Product version:
2.1

Copyright:
Ates Software

Trademarks:
Ates Software

Original file name:
hndclient.exe

File type:
Executable application (Win32 EXE)

Language:
Turkish (Turkey)

Common path:
C:\Program Files\handycafe\client\hndclient.exe

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:Ek7fDcXIHH+O69qlr/cz6ij7R9Eq34t4K7aRj7tB46v2EVIgD:Xsqi9qZ/aP7R9E3t4KOB7Lv3VI

Entry address:
0x15F001

Entry point:
60, E8, 72, 05, 00, 00, EB, 4C, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 87, DB, 90, 00, F0, 50, 00, 14, F0, 50, 00, A4, 20, 50, 00, 10, 00, 51, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, F0, 15, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, BB, 70, 29, 44, 00, 03, DD, 2B, 9D, A1, 29, 44, 00, 83, BD, D4, 37, 44, 00, 00, 89, 9D, D4, 37, 44, 00, 0F, 85, 68, 04, 00, 00, 8D, 85, DC, 37, 44, 00, 50, FF, 95, E8, 38, 44...
 

Packer / compiler:
ASPack v2.001

Code size:
1 MB (1,052,672 bytes)

While running, the file has been observed making the following network connections in live environments.

TCP (HTTP):
Connects to li502-78.members.linode.com  (176.58.115.78:80)
