interhop.exe

The application interhop.exe has been detected as a potentially unwanted program by 2 anti-malware scanners. It runs as a Windows service named “InterHop”. While running, it connects to the Internet address server-52-84-63-67.ord51.r.cloudfront.net on port 80 using the HTTP protocol.
MD5:
a3f2784f191a2ab08209e32c9c8a92cc

SHA-1:
1eed1dc09b71b9d342ef64b5e92ad087103d6bc0

SHA-256:
0108fd15fc218f5d83bd258f818b8b20fc62cc8fe5de0aa5b8f5fe78fe0e9793

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
11/5/2024 11:37:22 AM UTC

Scan engine | Detection | Engine version
ESET NOD32 | Win32/Adware.ELEX.A application | 6.3.12010.0
Reason Heuristics | PUP.Interhop (M) | 16.10.14.10

File size:
155.5 KB (159,232 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\interhop\interhop.exe

File PE Metadata
Compilation timestamp:
10/9/2016 9:37:10 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

CTPH (ssdeep):
3072:iSUYqRrrhTujaZkhaodNA5HDjnCXwJpiw7q+I3EAJfUn1u58VYj:6pTujaZmNARDjnCXwJp17jKCua

Entry address:
0x741E0

Entry point:
60, BE, 00, E0, 44, 00, 8D, BE, 00, 30, FB, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...

Entropy:
7.9036

Packer / compiler:
UPX 2.90LZMA

Code size:
156 KB (159,744 bytes)

Service
Display name:
InterHop

Type:
Win32OwnProcess, InteractiveProcess


The executing file has been seen to make the following network communications in live environments.

