ieldabletted.exe

Red Sky Sp. z o.o.

The application ieldabletted.exe by Red Sky Sp. z o.o has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This executable runs as a local area network (LAN) Internet proxy server listening on port 9880 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host.
Publisher:
Red Sky Sp. z o.o.  (signed and verified)

MD5:
58a75165c6045a9b23bccf9678bee687

SHA-1:
46b71d627778fb8b43ba979958fb560e857f5982

SHA-256:
268fa4399bf2b39febc535bd31ef297c9c9b703561a116f8722391dd0bf1da70

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 3:21:53 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Optional.RedSkySpzoo.M
14.10.27.20

File size:
4.2 MB (4,383,192 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\ieldabletted\ieldabletted.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
3/27/2014 5:00:00 PM

Valid to:
3/28/2015 4:59:59 PM

Subject:
CN=Red Sky Sp. z o.o., OU=Red Sky, O=Red Sky Sp. z o.o., POBox=71-064, STREET=Aleja Piastow 22, L=Szczecin, S=zachodniopomorskie, PostalCode=71-064, C=PL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00AF74AE06E658887C8B6B42539F3FA758

File PE Metadata
Compilation timestamp:
4/2/1998 9:11:32 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.24

CTPH (ssdeep):
98304:ntJEJ3vbMQioykkppsUlzkxSlELYTs9o36ln4zSPTnNQ8:PWfbMQioy1ppmx+cv4zSRQ8

Entry address:
0x14C0

Entry point:
83, EC, 0C, C7, 05, 24, 81, 82, 00, 01, 00, 00, 00, E8, AE, 63, 05, 00, 83, C4, 0C, E9, A6, FC, FF, FF, 8D, B6, 00, 00, 00, 00, 83, EC, 0C, C7, 05, 24, 81, 82, 00, 00, 00, 00, 00, E8, 8E, 63, 05, 00, 83, C4, 0C, E9, 86, FC, FF, FF, 90, 90, 90, 90, 90, 90, 55, 89, E5, 56, 53, 83, EC, 10, 8B, 1D, 18, A3, 82, 00, C7, 04, 24, 00, 50, 47, 00, FF, D3, 89, C6, 83, EC, 04, 85, F6, B8, E0, D3, 45, 00, 74, 29, C7, 04, 24, 00, 50, 47, 00, FF, 15, 54, A3, 82, 00, 83, EC, 04, A3, 38, 80, 82, 00, C7, 44, 24, 04, 13, 50...
 
[+]

Entropy:
6.7764

Code size:
458.5 KB (469,504 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:9880/

Local host port:
9880

Default credentials:
No


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to r2.ycpi.vip.nyc.yahoo.net  (216.115.101.179:443)

TCP (HTTP SSL):
Connects to r-199-59-150-11.twttr.com  (199.59.150.11:443)

TCP (HTTP SSL):
Connects to r-199-59-148-10.twttr.com  (199.59.148.10:443)

TCP (HTTP SSL):
Connects to qg-in-f95.1e100.net  (74.125.29.95:443)

TCP (HTTP SSL):
Connects to pprd1-rtr2.manhattan.vip.bf1.yahoo.com  (98.137.201.111:443)

TCP (HTTP SSL):
Connects to l1.ycs.vip.dcb.yahoo.com  (206.190.56.190:443)

TCP (HTTP SSL):
Connects to ib-in-f95.1e100.net  (74.125.192.95:443)

TCP (HTTP SSL):
Connects to iad23s25-in-f10.1e100.net  (173.194.121.10:443)

TCP (HTTP SSL):
Connects to host-91-112-220-24.midco.net  (24.220.112.91:443)

TCP (HTTP SSL):
Connects to host-90-112-220-24.midco.net  (24.220.112.90:443)

TCP (HTTP SSL):
Connects to host-88-112-220-24.midco.net  (24.220.112.88:443)

TCP (HTTP SSL):
Connects to host-49-112-220-24.midco.net  (24.220.112.49:443)

TCP (HTTP SSL):
Connects to host-48-112-220-24.midco.net  (24.220.112.48:443)

TCP (HTTP SSL):
Connects to host-117-112-220-24.midco.net  (24.220.112.117:443)

TCP (HTTP SSL):
Connects to host-110-112-220-24.midco.net  (24.220.112.110:443)

TCP (HTTP SSL):
Connects to csc-beap.adx.vip.bf1.yahoo.com  (76.13.28.70:443)

TCP (HTTP SSL):
Connects to channel-proxy-shv-13-prn1.facebook.com  (69.171.235.19:443)

TCP (HTTP SSL):
Connects to channel-proxy-shv-07-ash2.facebook.com  (173.252.113.2:443)

TCP (HTTP SSL):
Connects to channel-proxy-shv-06-ash2.facebook.com  (173.252.102.24:443)

TCP (HTTP SSL):
Connects to channel-proxy-shv-04-frc3.facebook.com  (173.252.107.16:443)

Remove ieldabletted.exe - Powered by Reason Core Security