idsccom_554.exe

The application idsccom_554.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘IDSCCOM554’. The file has been seen being downloaded from fybs.reebdloc.com.
MD5:
d74133a7d3a3c97242e77f96bf1aaebe

SHA-1:
97c0cb7ca7518b362a1fec0e64d0db37711e96e3

SHA-256:
dc96c60e7b31480d19f47d0715ee7a3a6a8fbe03a0586fd0b221111892d3eaf0

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/27/2024 9:04:36 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Adware.Eorezo (M)
16.6.14.0

File size:
347 Bytes

File type:
Executable application (Win64 EXE)

Common path:
C:\Program Files\easyhotspot\idsccom_554.exe

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
6:qzmSOvDn7jAs9QVCQKm2aIUWEr/9HJ8MIM4mGvmQaYFeyQUYMWXz:kDuD7jD9QgQKDappl2MIM4mPQaYIyQ/F

Entry point:
3C, 68, 74, 6D, 6C, 3E, 3C, 62, 6F, 64, 79, 3E, 3C, 62, 3E, 54, 68, 65, 20, 70, 61, 67, 65, 20, 63, 61, 6E, 6E, 6F, 74, 20, 62, 65, 20, 64, 69, 73, 70, 6C, 61, 79, 65, 64, 20, 62, 65, 63, 61, 75, 73, 65, 20, 61, 6E, 20, 69, 6E, 74, 65, 72, 6E, 61, 6C, 20, 73, 65, 72, 76, 65, 72, 20, 65, 72, 72, 6F, 72, 20, 68, 61, 73, 20, 6F, 63, 63, 75, 72, 72, 65, 64, 2E, 3C, 2F, 62, 3E, 3C, 73, 63, 72, 69, 70, 74, 3E, 76, 61, 72, 20, 67, 6C, 6F, 62, 61, 6C, 20, 3D, 20, 5B, 22, 31, 34, 41, 62, 47, 6C, 38, 78, 68, 72, 30...
 
[+]

Entropy:
5.2329

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
IDSCCOM554

Command:
"C:\Program Files\easyhotspot\idsccom_554.exe"


The file idsccom_554.exe has been seen being distributed by the following URL.

Remove idsccom_554.exe - Powered by Reason Core Security