hndclient.exe

HandyCafe Client

Ates Software

The executable hndclient.exe has been detected as malware by 22 anti-virus scanners. While running, it connects to the Internet address li502-78.members.linode.com on port 80 using the HTTP protocol.
Publisher:
Ates Software

Product:
HandyCafe Client

Version:
2.1.1.7

MD5:
79c01838c205c71ca9402d8f22228482

SHA-1:
c01d63cac436f8e340e745e827035ee289dc7d86

Scanner detections:
22 / 68

Status:
Malware

Analysis date:
11/23/2024 5:25:18 PM UTC

Scan engine             Detection                                     Engine version
Lavasoft Ad-Aware       Trojan.Generic.519836                         851
avast!                  Win32:Spyware-gen [Spy]                       2014.9-141006
AVG                     Win32/DH{gQxEIH18LhMPUkOBEg}                  2015.0.3329
Baidu Antivirus         Trojan.Win32.Startpage                        4.0.3.14106
Bitdefender             Trojan.Generic.519836                         1.0.20.1395
Clam AntiVirus          Win.Trojan.519836                             0.98/21411
Comodo Security         Heur.Suspicious                               18638
Dr.Web                  Trojan.StartPage.47973                        9.0.1.0279
Emsisoft Anti-Malware   Trojan.Generic.519836                         8.14.10.06.04
F-Secure                Trojan.Generic.519836                         11.2014-06-10_2
G Data                  Trojan.Generic.519836                         14.10.24
McAfee                  Artemis!79C01838C205                          5600.6985
MicroWorld eScan        Trojan.Generic.519836                         15.0.0.837
Norman                  Malware                                       11.20141006
nProtect                Trojan.Generic.519836                         14.06.23.01
Panda Antivirus         Generic Trojan                                14.10.06.04
Qihoo 360 Security      Win32/Trojan.Spy.5f8                          1.0.0.1015
Rising Antivirus        PE:Trojan.Win32.Generic.1296E001!311877633    23.00.65.141004
Sophos                  Mal/Generic-S                                 4.98
Trend Micro House Call  TROJ_GEN.R047C0OF614                          7.2.279
Trend Micro             TROJ_GEN.R047C0OF614                          10.465.06
VIPRE Antivirus         SC-KeyLog                                     30568

File size:
646.5 KB (662,016 bytes)

Product version:
2.1

Copyright:
Ates Software

Trademarks:
Ates Software

Original file name:
hndclient.exe

File type:
Executable application (Win32 EXE)

Language:
Turkish

Common path:
C:\Program Files\handycafe\client\hndclient.exe

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:V85ZJUlnHSulODGkWaN6hQOiw46v2EVl7a:iZJ6yeWzNOXfv3Vl

Entry address:
0x15C001

Entry point:
60, E8, 72, 05, 00, 00, EB, 4C, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 87, DB, 90, 00, C0, 50, 00, 14, C0, 50, 00, A4, F0, 4F, 00, 10, D0, 50, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, C0, 15, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, BB, 70, 29, 44, 00, 03, DD, 2B, 9D, A1, 29, 44, 00, 83, BD, D4, 37, 44, 00, 00, 89, 9D, D4, 37, 44, 00, 0F, 85, 68, 04, 00, 00, 8D, 85, DC, 37, 44, 00, 50, FF, 95, E8, 38, 44...

Packer / compiler:
ASPack v2.001

Code size:
1014 KB (1,038,336 bytes)

Windows Firewall Allowed Program
Name:
C:\PROGRA~1\HANDYC~1\Client\HNDCLI~1.EXE

The executing file has been seen to make the following network communications in live environments.


Powered by Reason Core Security