home

ic-0.9efbb6dea676e.exe

Beijing Caiyunshidai Technology Co., Ltd.

The application ic-0.9efbb6dea676e.exe by Beijing Caiyunshidai Technology Co. has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address server-54-230-216-187.mrs50.r.cloudfront.net on port 80 using the HTTP protocol.
Publisher:
Beijing Caiyunshidai Technology Co., Ltd.  (signed and verified)

MD5:
a02a1611bf8453188df2b41b9ce526bd

SHA-1:
0861e03d1d94cc8b8df9dd7f0b8bd9b7f8b4cd30

SHA-256:
9297d743db1d3b0dcc5ac4d0ef34300135fbf3435c3b78918fff9bc635d9a187

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/28/2024 2:18:07 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Adware.ELEX.SpeedSearch (M)
17.1.26.17

File size:
407.4 KB (417,208 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\ic-0.9efbb6dea676e.exe

Digital Signature
Signed by:
Beijing Caiyunshidai Technology Co., Ltd.

Authority:
thawte, Inc.

Valid from:
1/18/2017 1:00:00 AM

Valid to:
3/4/2017 12:59:59 AM

Subject:
CN="Beijing Caiyunshidai Technology Co., Ltd.", O="Beijing Caiyunshidai Technology Co., Ltd.", L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
35A3091866A7905AF1E3E625AD3C5875

File PE Metadata
Compilation timestamp:
1/18/2017 9:39:22 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x105F

Entry point:
E8, D6, 84, 00, 00, E9, 88, A6, 00, 00, 6A, 08, 68, F0, 1C, 46, 00, E8, FB, A7, 00, 00, E8, A6, 56, 00, 00, 8B, 40, 78, 85, C0, 74, 16, 83, 65, FC, 00, FF, D0, EB, 07, 33, C0, 40, C3, 8B, 65, E8, C7, 45, FC, FE, FF, FF, FF, E8, 4D, 5B, 00, 00, CC, 55, 8B, EC, 56, 8B, 75, 08, B9, C8, 3B, 46, 00, 3B, F1, 72, 22, 81, FE, 28, 3E, 46, 00, 77, 1A, 8B, C6, 2B, C1, C1, F8, 05, 83, C0, 10, 50, E8, E7, 04, 00, 00, 81, 4E, 0C, 00, 80, 00, 00, 59, EB, 0A, 8D, 46, 20, 50, FF, 15, 80, C0, 45, 00, 5E, 5D, C3, 55, 8B, EC...
 
[+]

Code size:
361.5 KB (370,176 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-54-230-216-98.mrs50.r.cloudfront.net  (54.230.216.98:80)

TCP (HTTP):
Connects to server-54-230-216-187.mrs50.r.cloudfront.net  (54.230.216.187:80)

TCP (HTTP):
Connects to server-54-230-216-108.mrs50.r.cloudfront.net  (54.230.216.108:80)

TCP (HTTP):
Connects to server-54-192-55-27.jfk6.r.cloudfront.net  (54.192.55.27:80)

TCP (HTTP):
Connects to server-54-192-55-209.jfk6.r.cloudfront.net  (54.192.55.209:80)

TCP (HTTP):
Connects to server-54-192-55-139.jfk6.r.cloudfront.net  (54.192.55.139:80)

TCP (HTTP):
Connects to server-54-192-55-11.jfk6.r.cloudfront.net  (54.192.55.11:80)

TCP (HTTP):
Connects to server-54-192-129-68.ams50.r.cloudfront.net  (54.192.129.68:80)

TCP (HTTP):
Connects to server-54-192-129-44.ams50.r.cloudfront.net  (54.192.129.44:80)

TCP (HTTP):
Connects to server-54-192-129-218.ams50.r.cloudfront.net  (54.192.129.218:80)

TCP (HTTP):
Connects to server-52-85-94-200.jfk5.r.cloudfront.net  (52.85.94.200:80)

TCP (HTTP):
Connects to server-52-85-94-142.jfk5.r.cloudfront.net  (52.85.94.142:80)

TCP (HTTP):
Connects to server-52-85-94-121.jfk5.r.cloudfront.net  (52.85.94.121:80)

Remove ic-0.9efbb6dea676e.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.