ic-0.0c0ef461621aac.exe

Yuanyuan Mei

The application ic-0.0c0ef461621aac.exe by Yuanyuan Mei has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address server-52-85-83-123.lax1.r.cloudfront.net on port 80 using the HTTP protocol.
Publisher:
Yuanyuan Mei  (signed and verified)

MD5:
fc31e78dae23182110619b1963d25500

SHA-1:
d96f27b9bf8a85d19af3ef36c24514b48db15070

SHA-256:
baa679ac1747ef22a8aa0daba8f3259edc40405e720fdc37d75f54d20f30b546

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 11:17:03 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Elex (M)
17.2.19.6

File size:
416.8 KB (426,752 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\ic-0.0c0ef461621aac.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
1/20/2017 7:00:00 AM

Valid to:
4/21/2017 6:59:59 AM

Subject:
CN=Yuanyuan Mei, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
0779F2D4DF108ECA89972073E40279BD

File PE Metadata
Compilation timestamp:
2/13/2017 6:44:24 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x37AA

Entry point:
E8, 9B, 58, 00, 00, E9, 8D, 7C, 00, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 55, 8B, EC, 83, EC, 18, 53, 8B, 5D, 0C, 56, 57, C6, 45, FF, 00, 8B, 7B, 08, 8D, 73, 10, 33, 3D, 00, 50, 46, 00, C7, 45, F4, 01, 00, 00, 00, 8B, 07, 83, F8, FE, 74, 0D, 8B, 4F, 04, 03, CE, 33, 0C, 30, E8, 5F, 17, 00, 00, 8B, 47, 08, 8B, 4F, 0C, 03, CE, 33, 0C, 30, E8, 4F, 17, 00, 00, 8B, 45, 08, F6, 40, 04, 66, 0F, 85, CF, 00, 00, 00, 89, 45, E8, 8B, 45, 10, 89, 45, EC, 8D, 45, E8, 89, 43, FC, 8B, 43, 0C, 89, 45, F8, 83...
 
[+]

Entropy:
7.8338  (probably packed)

Code size:
375.5 KB (384,512 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-52-85-83-141.lax1.r.cloudfront.net  (52.85.83.141:80)

TCP (HTTP):
Connects to server-52-85-83-140.lax1.r.cloudfront.net  (52.85.83.140:80)

TCP (HTTP):
Connects to server-52-85-83-123.lax1.r.cloudfront.net  (52.85.83.123:80)

Remove ic-0.0c0ef461621aac.exe - Powered by Reason Core Security