htlecbpgv.exe

Beijing Caiyunshidai Technology Co., Ltd.

The application htlecbpgv.exe by Beijing Caiyunshidai Technology Co. has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address server-54-240-186-120.mad50.r.cloudfront.net on port 80 using the HTTP protocol.
Publisher:

MD5:
5e8ea60456f7d5ffc784a4a017a7be8f

SHA-1:
a53f0794264a925d2f2a307be53a3939fbfba7e9

SHA-256:
a8b55c0beebda63aeb4f73f2b64c526191689242f2bcc6f009b50dd03103af84

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 8:05:05 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Adware.ELEX.SpeedSearch (M)
17.2.11.13

File size:
417 KB (426,960 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\htlecbpgv.exe

Digital Signature
Authority:
thawte, Inc.

Valid from:
1/23/2017 1:00:00 AM

Valid to:
3/4/2017 12:59:59 AM

Subject:
CN="Beijing Caiyunshidai Technology Co., Ltd.", O="Beijing Caiyunshidai Technology Co., Ltd.", L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
011AE675B36A4BE7F940903CF54E8522

File PE Metadata
Compilation timestamp:
2/9/2017 12:58:17 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x12AD

Entry point:
E8, D5, 25, 00, 00, E9, 15, A5, 00, 00, 55, 8B, EC, 51, 9B, DD, 7D, FC, 0F, BF, 45, FC, 8B, E5, 5D, C3, 55, 8B, EC, 56, 8B, 75, 08, 33, C0, EB, 0F, 85, C0, 75, 10, 8B, 0E, 85, C9, 74, 02, FF, D1, 83, C6, 04, 3B, 75, 0C, 72, EC, 5E, 5D, C3, 55, 8B, EC, FF, 75, 08, E8, B5, 33, 00, 00, 59, FF, 75, 08, FF, 15, 58, F0, 45, 00, CC, 55, 8B, EC, 83, EC, 08, 53, 56, 57, FC, 89, 45, FC, 33, C0, 50, 50, 50, FF, 75, FC, FF, 75, 14, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 48, 6A, 00, 00, 83, C4, 20, 89, 45, F8, 5F, 5E...
 
[+]

Code size:
374 KB (382,976 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-54-240-186-51.mad50.r.cloudfront.net  (54.240.186.51:80)

TCP (HTTP):
Connects to server-54-240-186-66.mad50.r.cloudfront.net  (54.240.186.66:80)

TCP (HTTP):
Connects to server-54-240-186-120.mad50.r.cloudfront.net  (54.240.186.120:80)

Remove htlecbpgv.exe - Powered by Reason Core Security