lader.exe

Lader

The application lader.exe has been detected as a potentially unwanted program by 2 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler named 20130085 triggered to execute each time a user logs in. While running, it connects to the Internet address hosted-by.instantdedicated.com on port 80 using the HTTP protocol.
Publisher:
Lader

Product:
Lader

Version:
4.3.5.64

MD5:
ac9e09722b4d74e8fd7bdf04cb1a4d79

SHA-1:
b4fb13b3b84b54d918d7f023c80fffa0fd3c67a2

SHA-256:
fa4508e8582af7529e91695abd3ee2941a2383e96457bf96ca257eb383626ab3

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
12/23/2024 12:47:50 PM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
MSIL/Adware.Dotdo.AP application
6.3.12010.0

Reason Heuristics
Adware.Dotdo.ET (M)
17.1.28.14

File size:
8.5 KB (8,704 bytes)

Product version:
4.3.5.64

Copyright:
Copyright © Lader 2017

Trademarks:
© 2017 Lader

Original file name:
lader.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\skid\lader.exe

File PE Metadata
Compilation timestamp:
1/26/2017 11:40:25 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

Entry address:
0x366E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
4.2952

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
6 KB (6,144 bytes)

Scheduled Task
Task name:
20130085

Trigger:
Logon (Runs on logon)

Description:
2013008520130085


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to static.hosted-by.miamidedicated.com  (162.222.193.17:80)

TCP (HTTP):
Connects to hosted-by.instantdedicated.com  (188.95.50.96:80)

TCP (HTTP SSL):
Connects to 57.247.178.107.bc.googleusercontent.com  (107.178.247.57:443)

TCP (HTTP SSL):
Connects to server-52-85-142-172.iad12.r.cloudfront.net  (52.85.142.172:443)

TCP (HTTP):
Connects to ec2-52-15-159-135.us-east-2.compute.amazonaws.com  (52.15.159.135:80)

TCP (HTTP):
Connects to ec2-52-0-108-100.compute-1.amazonaws.com  (52.0.108.100:80)

TCP (HTTP):
Connects to ec2-34-199-235-54.compute-1.amazonaws.com  (34.199.235.54:80)

TCP (HTTP):
Connects to 162-220-57-41.static.hvvc.us  (162.220.57.41:80)

TCP (HTTP):
Connects to a23-209-185-214.deploy.static.akamaitechnologies.com  (23.209.185.214:80)

TCP (HTTP):
Connects to 46.c8.c0ad.ip4.static.sl-reverse.com  (173.192.200.70:80)

TCP (HTTP):
Connects to static-106-212-205-209.24shells.net  (209.205.212.106:80)

TCP (HTTP):
Connects to server-52-85-142-21.iad12.r.cloudfront.net  (52.85.142.21:80)

TCP (HTTP):
Connects to server-52-85-113-208.ind6.r.cloudfront.net  (52.85.113.208:80)

TCP (HTTP SSL):
Connects to server-52-85-113-194.ind6.r.cloudfront.net  (52.85.113.194:443)

TCP (HTTP SSL):
Connects to server-52-85-113-145.ind6.r.cloudfront.net  (52.85.113.145:443)

TCP (HTTP):
Connects to server-52-85-113-132.ind6.r.cloudfront.net  (52.85.113.132:80)

TCP (HTTP):
Connects to ec2-54-89-17-130.compute-1.amazonaws.com  (54.89.17.130:80)

TCP (HTTP):
Connects to ec2-54-86-195-49.compute-1.amazonaws.com  (54.86.195.49:80)

TCP (HTTP):
Connects to ec2-54-85-22-109.compute-1.amazonaws.com  (54.85.22.109:80)

TCP (HTTP):
Connects to ec2-52-86-138-157.compute-1.amazonaws.com  (52.86.138.157:80)

Remove lader.exe - Powered by Reason Core Security