idm 6.exe

Biznes IT, TOV

The application idm 6.exe by Biznes IT, TOV has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address 133.54.211.130.bc.googleusercontent.com on port 80 using the HTTP protocol.
Publisher:
Biznes IT, TOV  (signed and verified)

MD5:
f67282cd2ac6f604ed9e2469e3956df4

SHA-1:
0fd1ab5abdd357c1791709de89209b2cd998eb9c

SHA-256:
d1457119231ed7839f6f48c56742bc78f8a62da60daaf5206f1136721df34d27

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 5:53:04 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.ContentProtector (M)
17.3.15.16

File size:
4.4 MB (4,636,344 bytes)

File type:
Executable application (Win32 EXE)

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
2/9/2017 5:30:00 AM

Valid to:
3/23/2017 5:29:59 AM

Subject:
CN="Biznes IT, TOV", OU=IT, O="Biznes IT, TOV", STREET="vul. Grebinky, 27", L=Poltava, S=Poltavska, PostalCode=36000, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00A07E5994D51E3F5E8915CB5D34EFF638

File PE Metadata
Compilation timestamp:
6/20/1992 3:52:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x1C2EA0

Entry point:
55, 8B, EC, 83, C4, D8, 53, 56, 57, 33, C0, 89, 45, E0, 89, 45, E4, 89, 45, E8, B8, C0, 23, 5C, 00, E8, 5E, 4D, E4, FF, 33, C0, 55, 68, F4, 32, 5C, 00, 64, FF, 30, 64, 89, 20, E8, 97, 02, E4, FF, A1, 04, AB, 69, 00, E8, 7D, 2C, E4, FF, 8D, 55, E8, E8, 0D, 7A, E4, FF, 8B, 45, E8, E8, 55, 7C, E4, FF, 85, C0, 7E, 3B, 89, 45, EC, C7, 05, 10, 2B, 6A, 00, 01, 00, 00, 00, A1, 10, 2B, 6A, 00, 83, 3C, 85, 08, AB, 69, 00, 00, 7E, 14, A1, 10, 2B, 6A, 00, 83, 04, 85, 08, AB, 69, 00, 01, 71, 05, E8, E9, 11, E4, FF, FF...
 
[+]

Entropy:
7.4215

Developed / compiled with:
Microsoft Visual C++

Code size:
1.8 MB (1,844,224 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to map2.hwcdn.net  (205.185.216.10:80)

TCP (HTTP):
Connects to connections.hornycone.com  (185.80.54.15:80)

TCP (HTTP):
Connects to 133.54.211.130.bc.googleusercontent.com  (130.211.54.133:80)

Remove idm 6.exe - Powered by Reason Core Security