» htlecbpgv.exe
Overview
Analysis
File Details
Network (3)

htlecbpgv.exe

Beijing Caiyunshidai Technology Co., Ltd.

The application htlecbpgv.exe by Beijing Caiyunshidai Technology Co. has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address server-54-240-186-120.mad50.r.cloudfront.net on port 80 using the HTTP protocol.

File name:

htlecbpgv.exe

Publisher:

Beijing Caiyunshidai Technology Co., Ltd. (signed and verified)

MD5:

5e8ea60456f7d5ffc784a4a017a7be8f

SHA-1:

a53f0794264a925d2f2a307be53a3939fbfba7e9

SHA-256:

a8b55c0beebda63aeb4f73f2b64c526191689242f2bcc6f009b50dd03103af84

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

11/23/2024 8:05:05 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

Adware.ELEX.SpeedSearch (M)

17.2.11.13

File size:

417 KB (426,960 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\htlecbpgv.exe

Digital Signature

Signed by:

Beijing Caiyunshidai Technology Co., Ltd.

Authority:

thawte, Inc.

Valid from:

1/23/2017 1:00:00 AM

Valid to:

3/4/2017 12:59:59 AM

Subject:

CN="Beijing Caiyunshidai Technology Co., Ltd.", O="Beijing Caiyunshidai Technology Co., Ltd.", L=Beijing, S=Beijing, C=CN

Issuer:

CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:

011AE675B36A4BE7F940903CF54E8522

File PE Metadata

Compilation timestamp:

2/9/2017 12:58:17 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

Entry address:

0x12AD

Entry point:

E8, D5, 25, 00, 00, E9, 15, A5, 00, 00, 55, 8B, EC, 51, 9B, DD, 7D, FC, 0F, BF, 45, FC, 8B, E5, 5D, C3, 55, 8B, EC, 56, 8B, 75, 08, 33, C0, EB, 0F, 85, C0, 75, 10, 8B, 0E, 85, C9, 74, 02, FF, D1, 83, C6, 04, 3B, 75, 0C, 72, EC, 5E, 5D, C3, 55, 8B, EC, FF, 75, 08, E8, B5, 33, 00, 00, 59, FF, 75, 08, FF, 15, 58, F0, 45, 00, CC, 55, 8B, EC, 83, EC, 08, 53, 56, 57, FC, 89, 45, FC, 33, C0, 50, 50, 50, FF, 75, FC, FF, 75, 14, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 48, 6A, 00, 00, 83, C4, 20, 89, 45, F8, 5F, 5E... 
[+]

Code size:

374 KB (382,976 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to server-54-240-186-51.mad50.r.cloudfront.net (54.240.186.51:80)

TCP (HTTP):

Connects to server-54-240-186-66.mad50.r.cloudfront.net (54.240.186.66:80)

TCP (HTTP):

Connects to server-54-240-186-120.mad50.r.cloudfront.net (54.240.186.120:80)

Remove htlecbpgv.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.