hotfresh.exe

The application hotfresh.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a separate (within the context of its own process) windows Service named “Hotfresh”. While running, it connects to the Internet address 94.31.29.64.IPYX-077437-ZYO.above.net on port 80 using the HTTP protocol.
MD5:
ca7b9063b0cc6032bb26dc2baf2c631c

SHA-1:
799277c11d03c5228f5780b0c884c0ea0b31a935

SHA-256:
02c2f30cff298deaf957340906b0f19e50e95123824977a0a70d6f54b2597228

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 3:19:01 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Adware.Linkury
17.3.9.17

File size:
1 MB (1,086,464 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\ProgramData\hotfresh\hotfresh.exe

File PE Metadata
Compilation timestamp:
10/18/2009 8:40:05 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x3121

Entry point:
48, 85, ED, 0F, B6, F1, 57, 74, 02, 34, D0, F3, 20, F4, 0F, B6, C0, 25, 4C, 2D, 9F, 2F, 15, C5, CD, E2, A7, 85, F6, 73, 01, 48, 68, 8B, A2, 9F, 00, 88, D9, F7, C5, FA, FA, B4, B2, E8, 5D, 00, 00, 00, F2, 0F, B7, D1, FF, CD, 76, 09, 0F, AF, C6, 80, C4, 1C, 0F, AF, F7, 88, C8, 0F, AF, F3, 87, EE, 11, EF, 84, CE, BA, C0, 42, 00, 00, FE, C0, 81, F2, 56, 71, 00, 00, 87, FD, 81, F2, EE, 10, 00, 00, 47, 87, F8, 8B, DA, 0F, AF, EB, 81, F6, 8A, 79, 26, E9, 69, E8, 38, C9, F0, B4, 81, F3, 22, DD, 00, 00, 8D, 3D, E7...
 
[+]

Code size:
54.5 KB (55,808 bytes)

Service
Display name:
Hotfresh

Type:
Win32OwnProcess


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to box383.bluehost.com  (69.89.31.183:80)

TCP (HTTP):
Connects to box361.bluehost.com  (69.89.31.161:80)

TCP (HTTP):
Connects to 217-160-0-4.elastic-ssl.ui-r.com  (217.160.0.4:80)

TCP (HTTP):
Connects to 217-160-0-39.elastic-ssl.ui-r.com  (217.160.0.39:80)

TCP (HTTP):
Connects to ec2-50-19-250-130.compute-1.amazonaws.com  (50.19.250.130:80)

TCP (HTTP):
Connects to 94.31.29.64.IPYX-077437-ZYO.above.net  (94.31.29.64:80)

Remove hotfresh.exe - Powered by Reason Core Security