» interhop.exe
Overview
Analysis
File Details
Behaviors (1)
Network (49)

interhop.exe

The application interhop.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a windows Service named “InterHop”. While running, it connects to the Internet address server-52-85-74-78.lhr3.r.cloudfront.net on port 80 using the HTTP protocol.

File name:

interhop.exe

MD5:

76018bc27d8eefa2826a48deb2872a56

SHA-1:

3be4565e4eabc109cd4272af01c76e8bd8b50ce2

SHA-256:

5850474c6c40aaa8e87f59c27fc0784c3f825a60a118bc75d967872cf669609e

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

11/2/2024 1:35:04 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

Adware.Interhop (M)

16.10.24.12

File size:

156.5 KB (160,256 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\interhop\interhop.exe

File PE Metadata

Compilation timestamp:

10/24/2016 7:30:48 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

11.0

CTPH (ssdeep):

3072:fHAwwocdRw0hDA1f3UFiKOjyPCqQQzQ27widN3Jn/9:PPDcdRwKZFidQwy

Entry address:

0x756E0

Entry point:

60, BE, 00, F0, 44, 00, 8D, BE, 00, 20, FB, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89... 
[+]

Packer / compiler:

UPX 2.90LZMA

Code size:

156 KB (159,744 bytes)

Service

Display name:

InterHop

Type:

Win32OwnProcess, InteractiveProcess

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to server-54-192-98-123.arn1.r.cloudfront.net (54.192.98.123:80)

TCP (HTTP):

Connects to server-54-192-98-14.arn1.r.cloudfront.net (54.192.98.14:80)

TCP (HTTP):

Connects to server-54-192-98-131.arn1.r.cloudfront.net (54.192.98.131:80)

TCP (HTTP):

Connects to server-54-230-0-90.lhr5.r.cloudfront.net (54.230.0.90:80)

TCP (HTTP):

Connects to server-52-85-63-211.lhr50.r.cloudfront.net (52.85.63.211:80)

TCP (HTTP):

Connects to server-54-230-216-90.mrs50.r.cloudfront.net (54.230.216.90:80)

TCP (HTTP):

Connects to server-54-230-216-120.mrs50.r.cloudfront.net (54.230.216.120:80)

TCP (HTTP):

Connects to server-52-85-63-58.lhr50.r.cloudfront.net (52.85.63.58:80)

TCP (HTTP):

Connects to server-54-192-14-4.ams1.r.cloudfront.net (54.192.14.4:80)

TCP (HTTP):

Connects to server-54-230-216-49.mrs50.r.cloudfront.net (54.230.216.49:80)

TCP (HTTP):

Connects to server-52-85-83-9.lax1.r.cloudfront.net (52.85.83.9:80)

TCP (HTTP):

Connects to server-52-85-83-201.lax1.r.cloudfront.net (52.85.83.201:80)

TCP (HTTP):

Connects to server-52-84-132-93.atl52.r.cloudfront.net (52.84.132.93:80)

TCP (HTTP):

Connects to server-54-239-132-39.sfo9.r.cloudfront.net (54.239.132.39:80)

TCP (HTTP):

Connects to server-54-230-95-25.fra2.r.cloudfront.net (54.230.95.25:80)

TCP (HTTP):

Connects to server-54-230-95-237.fra2.r.cloudfront.net (54.230.95.237:80)

TCP (HTTP):

Connects to server-54-230-95-179.fra2.r.cloudfront.net (54.230.95.179:80)

TCP (HTTP):

Connects to server-54-230-216-63.mrs50.r.cloudfront.net (54.230.216.63:80)

TCP (HTTP):

Connects to server-54-230-216-28.mrs50.r.cloudfront.net (54.230.216.28:80)

TCP (HTTP):

Connects to server-54-230-216-224.mrs50.r.cloudfront.net (54.230.216.224:80)

Remove interhop.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.