» ic-0.6c9caa3773f554.exe
Overview
Analysis
File Details
Network (36)

ic-0.6c9caa3773f554.exe

Beijing Caiyunshidai Technology Co., Ltd.

The application ic-0.6c9caa3773f554.exe by Beijing Caiyunshidai Technology Co. has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address server-52-84-246-21.sfo20.r.cloudfront.net on port 80 using the HTTP protocol.

File name:

Publisher:

Beijing Caiyunshidai Technology Co., Ltd. (signed and verified)

MD5:

f20fcb3bc595897feb20b76ed26be5c3

SHA-1:

62c92a273419a1b63f6d43360d242d6394c7e130

SHA-256:

decb11b65bb99e91d20acb315f33f7ca51011a0fb2a8f351dd8fc2fe77d9d8ee

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

2/25/2025 7:56:24 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

Adware.ELEX.SpeedSearch (M)

17.2.24.20

File size:

415.1 KB (425,024 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\ic-0.6c9caa3773f554.exe

Digital Signature

Signed by:

Beijing Caiyunshidai Technology Co., Ltd.

Authority:

thawte, Inc.

Valid from:

1/17/2017 1:00:00 AM

Valid to:

3/4/2017 12:59:59 AM

Subject:

CN="Beijing Caiyunshidai Technology Co., Ltd.", O="Beijing Caiyunshidai Technology Co., Ltd.", L=Beijing, S=Beijing, C=CN

Issuer:

CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:

5CA1EF4409BED5441078E4EC71840A58

File PE Metadata

Compilation timestamp:

2/13/2017 4:21:15 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

Entry address:

0x2724

Entry point:

E8, C3, 53, 00, 00, E9, B9, 8F, 00, 00, 55, 8B, EC, A1, 60, A1, 46, 00, 33, 05, 00, 50, 46, 00, 74, 07, FF, 75, 08, FF, D0, 5D, C3, 5D, FF, 25, C0, F0, 45, 00, 55, 8B, EC, 51, 57, FF, 15, A4, F0, 45, 00, 8B, F8, 85, FF, 74, 47, 53, 33, DB, 56, 8B, F7, 66, 39, 1F, 74, 10, 83, C6, 02, 66, 39, 1E, 75, F8, 83, C6, 02, 66, 39, 1E, 75, F0, 2B, F7, 83, C6, 02, 56, E8, D4, E9, FF, FF, 89, 45, FC, 59, 85, C0, 74, 0E, 56, 57, 50, E8, 0D, 97, 00, 00, 8B, 5D, FC, 83, C4, 0C, 57, FF, 15, A8, F0, 45, 00, 5E, 8B, C3, 5B... 
[+]

Code size:

376 KB (385,024 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to server-54-230-216-218.mrs50.r.cloudfront.net (54.230.216.218:80)

TCP (HTTP):

Connects to server-54-230-216-44.mrs50.r.cloudfront.net (54.230.216.44:80)

TCP (HTTP):

Connects to server-54-230-216-158.mrs50.r.cloudfront.net (54.230.216.158:80)

TCP (HTTP):

Connects to server-54-239-132-131.sfo9.r.cloudfront.net (54.239.132.131:80)

TCP (HTTP):

Connects to server-54-230-216-106.mrs50.r.cloudfront.net (54.230.216.106:80)

TCP (HTTP):

Connects to server-54-230-216-61.mrs50.r.cloudfront.net (54.230.216.61:80)

TCP (HTTP):

Connects to server-54-239-132-149.sfo9.r.cloudfront.net (54.239.132.149:80)

TCP (HTTP):

Connects to server-54-239-132-116.sfo9.r.cloudfront.net (54.239.132.116:80)

TCP (HTTP):

Connects to server-54-230-216-94.mrs50.r.cloudfront.net (54.230.216.94:80)

TCP (HTTP):

Connects to server-54-230-216-68.mrs50.r.cloudfront.net (54.230.216.68:80)

TCP (HTTP):

Connects to server-54-230-216-49.mrs50.r.cloudfront.net (54.230.216.49:80)

TCP (HTTP):

Connects to server-54-230-187-93.cdg51.r.cloudfront.net (54.230.187.93:80)

TCP (HTTP):

Connects to server-52-85-83-118.lax1.r.cloudfront.net (52.85.83.118:80)

TCP (HTTP):

Connects to server-52-85-63-16.lhr50.r.cloudfront.net (52.85.63.16:80)

TCP (HTTP):

Connects to server-52-84-246-231.sfo20.r.cloudfront.net (52.84.246.231:80)

TCP (HTTP):

Connects to server-54-230-216-168.mrs50.r.cloudfront.net (54.230.216.168:80)

TCP (HTTP):

Connects to server-54-230-216-51.mrs50.r.cloudfront.net (54.230.216.51:80)

TCP (HTTP):

Connects to server-54-230-216-30.mrs50.r.cloudfront.net (54.230.216.30:80)

TCP (HTTP):

Connects to server-54-230-216-216.mrs50.r.cloudfront.net (54.230.216.216:80)

TCP (HTTP):

Connects to server-54-230-216-108.mrs50.r.cloudfront.net (54.230.216.108:80)

Remove ic-0.6c9caa3773f554.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.