microsoft toolkit 2.6.6__9465_il903.exe

The application microsoft toolkit 2.6.6__9465_il903.exe has been detected as a potentially unwanted program by 8 anti-malware scanners. While running, it connects to the Internet address server-54-192-25-204.mxp4.r.cloudfront.net on port 80 using the HTTP protocol.
MD5:
7d1a5888dbdf9d8f20212d745e5ab808

SHA-1:
df45ecad0729d1d346bf27aa7da5101ac656ee63

SHA-256:
070f2f6655a2d214cc19100010e1ea0d89bcc3f92e969a2c4b99a3f828c515a3

Scanner detections:
8 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 5:43:10 AM UTC

Scan engine            Detection                                    Engine version
Avira AntiVirus        TR/Dldr.Agent.zgihr                          8.3.3.4
avast!                 Win32:Dropper-gen [Drp]                      2014.9-170208
Baidu Antivirus        Win32.Trojan.Kryptik                         4.0.3.1728
Bkav FE                HW32.Packed                                  1.3.0.8471
Kaspersky              not-a-virus:HEUR:Downloader.Win32.Generic    14.0.0.-1137
Panda Antivirus        Trj/Genetic.gen                              17.02.08.09
Qihoo 360 Security     HEUR/QVM20.1.0000.Malware.Gen                1.0.0.1120
Rising Antivirus       Trojan.Kryptik!1.A6EC (classic)              23.00.65.17206

File size:
1.7 MB (1,781,248 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\microsoft toolkit final\microsoft toolkit 2.6.6__9465_il903.exe

File PE Metadata
Compilation timestamp:
11/9/2016 11:31:01 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.26

Entry address:
0x16DB07


Entropy:
7.5211

Code size:
1.4 MB (1,497,088 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-107-20-147-93.compute-1.amazonaws.com  (107.20.147.93:80)

TCP (HTTP):
Connects to ec2-54-243-162-153.compute-1.amazonaws.com  (54.243.162.153:80)

TCP (HTTP):
Connects to server-54-192-159-110.sin3.r.cloudfront.net  (54.192.159.110:80)

TCP (HTTP):
Connects to server-54-240-186-156.mad50.r.cloudfront.net  (54.240.186.156:80)

TCP (HTTP):
Connects to server-54-230-191-220.maa3.r.cloudfront.net  (54.230.191.220:80)

TCP (HTTP):
Connects to server-54-192-159-143.sin3.r.cloudfront.net  (54.192.159.143:80)

TCP (HTTP):
Connects to 131.subnet180-250-66.speedy.telkom.net.id  (180.250.66.131:80)

TCP (HTTP):
Connects to server-54-230-191-32.maa3.r.cloudfront.net  (54.230.191.32:80)

TCP (HTTP):
Connects to server-54-192-233-116.nrt12.r.cloudfront.net  (54.192.233.116:80)

TCP (HTTP):
Connects to server-54-192-159-73.sin3.r.cloudfront.net  (54.192.159.73:80)

TCP (HTTP SSL):
Connects to server-54-192-159-69.sin3.r.cloudfront.net  (54.192.159.69:443)

TCP (HTTP SSL):
Connects to server-54-192-159-254.sin3.r.cloudfront.net  (54.192.159.254:443)

TCP (HTTP):
Connects to server-52-84-230-179.sfo9.r.cloudfront.net  (52.84.230.179:80)

TCP (HTTP):
Connects to 94.31.29.64.IPYX-077437-ZYO.above.net  (94.31.29.64:80)

TCP (HTTP):
Connects to web0.adplusplus.fr  (87.98.175.172:80)

TCP (HTTP):
Connects to server-54-230-216-196.mrs50.r.cloudfront.net  (54.230.216.196:80)

TCP (HTTP):
Connects to server-54-230-191-30.maa3.r.cloudfront.net  (54.230.191.30:80)

TCP (HTTP):
Connects to server-54-230-149-146.sin2.r.cloudfront.net  (54.230.149.146:80)

TCP (HTTP):
Connects to server-54-230-11-99.lhr3.r.cloudfront.net  (54.230.11.99:80)
