Homepage.exe

Homepage

TheBestMatch

The application Homepage.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a Windows service named “Homepage” in its own separate process. While running, it connects to the Internet address c-0001.dc-msedge.net on port 80 using the HTTP protocol.
Publisher:
TheBestMatch

Product:
Homepage

Version:
1.0.0.6

MD5:
c35dbd373d64fe3b8443e194daa73150

SHA-1:
5bdce4e1de0b8842fed2e25cbee81ff082e8e798

SHA-256:
11ac6f71849d073d732add662dfa9cb86a83dcd57360f733d2d644624a668068

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 2:56:20 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.TheBestMatch (M)

Engine version:
16.3.23.21

File size:
48.5 KB (49,664 bytes)

Product version:
1.0.0.6

Copyright:
Copyright © TheBestMatch 2011-2012

Original file name:
Homepage.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\thebestmatch\homepage\homepage.exe

File PE Metadata
Compilation timestamp:
7/26/2012 8:40:35 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:le4iYEw5No4wym8G6MEKJrvBoz9jo19PXo:leJYw8G6MxJrBoz9Urfo

Entry address:
0xD74E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
46 KB (47,104 bytes)

Service
Display name:
Homepage

Type:
Win32OwnProcess


The executing file has been seen to make the following network communications in live environments.

