ic-0.b49939e92bce18.exe

Yu Bao

The executable ic-0.b49939e92bce18.exe has been detected as malware by 1 anti-virus scanner. While running, it connects to the Internet address server-52-85-77-54.lax3.r.cloudfront.net on port 80 using the HTTP protocol.
Publisher:
Yu Bao  (signed and verified)

MD5:
584cf3428c44c7c62021865194dd6505

SHA-1:
562a86b249326bd0f22b370c8f8d7859531e3c7b

SHA-256:
418e04477099674de4cfee86b0a02f5ca51c181323a10d11967bdfb7a7ee89a6

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
12/24/2024 6:30:42 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
17.3.5.5

File size:
427.5 KB (437,744 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\ic-0.b49939e92bce18.exe

Digital Signature
Signed by:
Yu Bao
Authority:
thawte, Inc.

Valid from:
1/5/2017 10:00:00 PM

Valid to:
11/21/2017 9:59:59 PM

Subject:
CN=Yu Bao, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
324E4B124A3311B82F185FF09360D184

File PE Metadata
Compilation timestamp:
2/22/2017 10:32:30 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x3079

Entry point:
E8, 83, 11, 00, 00, E9, FE, 95, 00, 00, 55, 8B, EC, 56, 8B, 75, 08, 85, F6, 74, 59, 8B, 06, 3B, 05, 80, 8A, 46, 00, 74, 07, 50, E8, 9C, 21, 00, 00, 59, 8B, 46, 04, 3B, 05, 84, 8A, 46, 00, 74, 07, 50, E8, 8A, 21, 00, 00, 59, 8B, 46, 08, 3B, 05, 88, 8A, 46, 00, 74, 07, 50, E8, 78, 21, 00, 00, 59, 8B, 46, 30, 3B, 05, B0, 8A, 46, 00, 74, 07, 50, E8, 66, 21, 00, 00, 59, 8B, 46, 34, 3B, 05, B4, 8A, 46, 00, 74, 07, 50, E8, 54, 21, 00, 00, 59, 5E, 5D, C3, 55, 8B, EC, FF, 35, 9C, 96, 46, 00, FF, 15, 14, 20, 46, 00...

Code size:
384.5 KB (393,728 bytes)

While executing, the file has been observed making the following network connections in live environments.

TCP (HTTP):
Connects to server-54-230-95-99.fra2.r.cloudfront.net  (54.230.95.99:80)

TCP (HTTP):
Connects to server-54-230-95-188.fra2.r.cloudfront.net  (54.230.95.188:80)

TCP (HTTP):
Connects to server-54-230-216-69.mrs50.r.cloudfront.net  (54.230.216.69:80)

TCP (HTTP):
Connects to server-54-230-95-173.fra2.r.cloudfront.net  (54.230.95.173:80)

TCP (HTTP):
Connects to server-54-230-216-81.mrs50.r.cloudfront.net  (54.230.216.81:80)

TCP (HTTP):
Connects to server-54-230-216-242.mrs50.r.cloudfront.net  (54.230.216.242:80)

TCP (HTTP):
Connects to server-54-230-216-239.mrs50.r.cloudfront.net  (54.230.216.239:80)

TCP (HTTP):
Connects to server-54-230-216-217.mrs50.r.cloudfront.net  (54.230.216.217:80)

TCP (HTTP):
Connects to server-54-230-216-181.mrs50.r.cloudfront.net  (54.230.216.181:80)

TCP (HTTP):
Connects to server-54-230-216-118.mrs50.r.cloudfront.net  (54.230.216.118:80)

TCP (HTTP):
Connects to server-54-230-216-108.mrs50.r.cloudfront.net  (54.230.216.108:80)

TCP (HTTP):
Connects to server-54-230-216-106.mrs50.r.cloudfront.net  (54.230.216.106:80)

TCP (HTTP):
Connects to server-54-192-203-68.fra50.r.cloudfront.net  (54.192.203.68:80)

TCP (HTTP):
Connects to server-54-192-203-123.fra50.r.cloudfront.net  (54.192.203.123:80)

TCP (HTTP):
Connects to server-52-85-83-48.lax1.r.cloudfront.net  (52.85.83.48:80)

TCP (HTTP):
Connects to server-52-85-83-27.lax1.r.cloudfront.net  (52.85.83.27:80)

TCP (HTTP):
Connects to server-52-85-63-21.lhr50.r.cloudfront.net  (52.85.63.21:80)

TCP (HTTP):
Connects to server-52-84-246-80.sfo20.r.cloudfront.net  (52.84.246.80:80)

TCP (HTTP):
Connects to server-52-84-246-231.sfo20.r.cloudfront.net  (52.84.246.231:80)

TCP (HTTP):
Connects to server-52-84-246-219.sfo20.r.cloudfront.net  (52.84.246.219:80)

Remove ic-0.b49939e92bce18.exe - Powered by Reason Core Security