motionccatask.exe

The application motionccatask.exe has been detected as a potentially unwanted program by 18 anti-malware scanners. This executable runs as a local area network (LAN) Internet proxy server listening on port 10591 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host. While running, it connects to the Internet address wikispaces.net on port 80 using the HTTP protocol.
MD5:
e24dbca553c0a6b8f2f76f4b80b51435

SHA-1:
5b9f7d38a0dac119ed20ce55addfd85b291c8579

SHA-256:
5b3d28058e2c5ec9fc8aa4769700185234ec9f94f66137ed76fdc67a41ef2d7a

Scanner detections:
18 / 68

Status:
Potentially unwanted

Analysis date:
11/16/2024 11:44:47 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Graftor.172436 | 6391733 |
| Agnitum Outpost | PUA.Tirrip | 7.1.1 |
| Avira AntiVirus | Adware/Tirrip.447488 | 7.11.204.170 |
| avast! | Win32:Dropper-gen [Drp] | 150102-1 |
| AVG | Adware Generic6.JJR | 2014.0.4257 |
| Bitdefender | Gen:Variant.Graftor.172436 | 1.0.20.115 |
| Comodo Security | Application.Win32.Tirrip.BMS | 20880 |
| Emsisoft Anti-Malware | Gen:Variant.Graftor.172436 | 8.15.01.23.01 |
| ESET NOD32 | Win32/Adware.Pirrit.R application | 7.0.302.0 |
| F-Prot | W32/S-97e7f007 | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Adware.Graftor.172781 | 11.2015-30-01_6 |
| G Data | Gen:Variant.Graftor.172436 | 15.1.24 |
| Kaspersky | not-a-virus:AdWare.Win32.Tirrip | 15.0.0.543 |
| MicroWorld eScan | Gen:Variant.Graftor.172436 | 16.0.0.69 |
| NANO AntiVirus | Riskware.Win32.Tirrip.dmtwrs | 0.30.0.65070 |
| Panda Antivirus | Trj/Genetic.gen | 15.01.23.01 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 15.1.30.1 |
| VIPRE Antivirus | Threat.4150696 | 36666 |

File size:
437 KB (447,488 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\exportauthuimonitor\motionccatask.exe

File PE Metadata
Compilation timestamp:
1/19/2015 3:26:56 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:qfYx1vj+132g6Mf7NB/nT8SJqjnb5wOmKOMQ9Q2LQI3X330LwP/HvUskk2p:KIs1bNjT8SJqTb569nLQJp

Entry address:
0x15EF6

Entry point:
E8, 98, 04, 00, 00, E9, 63, FD, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, C8, 53, 46, 00, 89, 0D, C4, 53, 46, 00, 89, 15, C0, 53, 46, 00, 89, 1D, BC, 53, 46, 00, 89, 35, B8, 53, 46, 00, 89, 3D, B4, 53, 46, 00, 66, 8C, 15, E0, 53, 46, 00, 66, 8C, 0D, D4, 53, 46, 00, 66, 8C, 1D, B0, 53, 46, 00, 66, 8C, 05, AC, 53, 46, 00, 66, 8C, 25, A8, 53, 46, 00, 66, 8C, 2D, A4, 53, 46, 00, 9C, 8F, 05, D8, 53, 46, 00, 8B, 45, 00, A3, CC, 53, 46, 00, 8B, 45, 04, A3, D0, 53, 46, 00, 8D, 45, 08, A3, DC, 53, 46...
 

Entropy:
6.3923

Code size:
333.5 KB (341,504 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:10591/

Local host port:
10591

Default credentials:
No


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to wikispaces.net  (208.43.192.34:80)

TCP (HTTP):
Connects to 173.192.82.194-static.reverse.softlayer.com  (173.192.82.194:80)
