interhop.exe

The application interhop.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a windows Service named “InterHop”. While running, it connects to the Internet address server-52-85-74-78.lhr3.r.cloudfront.net on port 80 using the HTTP protocol.
MD5:
76018bc27d8eefa2826a48deb2872a56

SHA-1:
3be4565e4eabc109cd4272af01c76e8bd8b50ce2

SHA-256:
5850474c6c40aaa8e87f59c27fc0784c3f825a60a118bc75d967872cf669609e

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/25/2024 12:19:06 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Adware.Interhop (M)
16.10.24.12

File size:
156.5 KB (160,256 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\interhop\interhop.exe

File PE Metadata
Compilation timestamp:
10/24/2016 7:30:48 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

CTPH (ssdeep):
3072:fHAwwocdRw0hDA1f3UFiKOjyPCqQQzQ27widN3Jn/9:PPDcdRwKZFidQwy

Entry address:
0x756E0

Entry point:
60, BE, 00, F0, 44, 00, 8D, BE, 00, 20, FB, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...
 
[+]

Packer / compiler:
UPX 2.90LZMA

Code size:
156 KB (159,744 bytes)

Service
Display name:
InterHop

Type:
Win32OwnProcess, InteractiveProcess


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-54-192-98-123.arn1.r.cloudfront.net  (54.192.98.123:80)

TCP (HTTP):
Connects to server-54-192-98-14.arn1.r.cloudfront.net  (54.192.98.14:80)

TCP (HTTP):
Connects to server-54-192-98-131.arn1.r.cloudfront.net  (54.192.98.131:80)

TCP (HTTP):
Connects to server-54-230-0-90.lhr5.r.cloudfront.net  (54.230.0.90:80)

TCP (HTTP):
Connects to server-52-85-63-211.lhr50.r.cloudfront.net  (52.85.63.211:80)

TCP (HTTP):
Connects to server-54-230-216-90.mrs50.r.cloudfront.net  (54.230.216.90:80)

TCP (HTTP):
Connects to server-54-230-216-120.mrs50.r.cloudfront.net  (54.230.216.120:80)

TCP (HTTP):
Connects to server-52-85-63-58.lhr50.r.cloudfront.net  (52.85.63.58:80)

TCP (HTTP):
Connects to server-54-192-14-4.ams1.r.cloudfront.net  (54.192.14.4:80)

TCP (HTTP):
Connects to server-54-230-216-49.mrs50.r.cloudfront.net  (54.230.216.49:80)

TCP (HTTP):
Connects to server-52-85-83-9.lax1.r.cloudfront.net  (52.85.83.9:80)

TCP (HTTP):
Connects to server-52-85-83-201.lax1.r.cloudfront.net  (52.85.83.201:80)

TCP (HTTP):
Connects to server-52-84-132-93.atl52.r.cloudfront.net  (52.84.132.93:80)

TCP (HTTP):
Connects to server-54-239-132-39.sfo9.r.cloudfront.net  (54.239.132.39:80)

TCP (HTTP):
Connects to server-54-230-95-25.fra2.r.cloudfront.net  (54.230.95.25:80)

TCP (HTTP):
Connects to server-54-230-95-237.fra2.r.cloudfront.net  (54.230.95.237:80)

TCP (HTTP):
Connects to server-54-230-95-179.fra2.r.cloudfront.net  (54.230.95.179:80)

TCP (HTTP):
Connects to server-54-230-216-63.mrs50.r.cloudfront.net  (54.230.216.63:80)

TCP (HTTP):
Connects to server-54-230-216-28.mrs50.r.cloudfront.net  (54.230.216.28:80)

TCP (HTTP):
Connects to server-54-230-216-224.mrs50.r.cloudfront.net  (54.230.216.224:80)

Remove interhop.exe - Powered by Reason Core Security