msdt.exe

The executable msdt.exe has been detected as malware by 5 of 68 anti-virus scanners. The file name mimics the legitimate Microsoft Support Diagnostic Tool (msdt.exe), which ships in the Windows system directory; the sample described here runs from a per-user AppData folder (see "Common path" below), and the hashes listed apply to that file, not to the Microsoft tool. Match on hash, not on file name.
MD5:
bd48ba9ef9dafbfddf1bd5ef3b9a1f74

SHA-1:
bd0b4a5195896e686810ea5b3ee12d30fe236bb9

SHA-256:
5283a45c682ed278c47b59d5d3e6267d29c60828b9d242c923152e58f1eb8d51

Scanner detections:
5 / 68

Status:
Malware

Analysis date (as rendered by the page):
12/25/2024 1:40:07 PM UTC
Note: the engine versions listed below (AVG 2014.0.3986, Malwarebytes v2014.08.23.09) are 2014 builds, so the detections themselves predate this rendering date.

Scan engine           Detection                Engine version
Avira AntiVirus       TR/ATRAPS.Gen            7.11.168.242
AVG                   Win.Threat.High          2014.0.3986
Kaspersky             Trojan.Win32.Agent       15.0.0.494
Malwarebytes          Trojan.Agent             v2014.08.23.09
Qihoo 360 Security    Win32/Trojan.Multi.daf   1.0.0.1015

File size:
130.5 KB (133,632 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\appdata\roaming\microsoft\windows\ieupdate\msdt.exe
(a per-user Roaming AppData folder, not a Windows system directory; the legitimate msdt.exe does not run from here)

File PE Metadata
Compilation timestamp:
8/23/2004 4:53:57 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

CTPH (ssdeep):
3072:6bSK0Ib4DA3nuMpcgSyMkfEyF3iXLZvBHUc3A:6b9RbnDWkfEyF3sLZL3

Entry address:
0x6B08

Entry point:
48, 89, 5C, 24, 10, 48, 89, 74, 24, 18, 55, 48, 8D, AC, 24, 50, F8, FF, FF, 48, 81, EC, B0, 08, 00, 00, E8, E9, AB, FF, FF, E8, 08, F8, FF, FF, 84, C0, 0F, 84, FD, 02, 00, 00, 48, 8D, 95, 10, 06, 00, 00, B9, 02, 02, 00, 00, FF, 15, 02, 3B, 01, 00, 85, C0, 0F, 85, E3, 02, 00, 00, 48, 8D, 0D, 53, A8, 01, 00, 33, D2, E8, 6C, 52, 00, 00, 85, C0, 0F, 84, CD, 02, 00, 00, 48, 8D, 35, C5, A5, 01, 00, 41, B8, 04, 01, 00, 00, 33, C9, 48, 8B, D6, FF, 15, E4, 35, 01, 00, 48, 8B, CE, FF, 15, 93, 39, 01, 00, 48, 8D, 0D...

Code size:
99 KB (101,376 bytes)

Scrnsave
Name:
msdt.exe
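The hashes, entry address and entry-point bytes above are enough to triage a suspect file offline. The following script is an added example, not part of the Reason Core Security report: it hashes a file and compares against the listed MD5/SHA-1/SHA-256, then walks the PE headers to compare the entry-point RVA (0x6B08) and the first 26 entry bytes with the values shown above. The minimal PE32+ image built by build_sample_pe is a constructed stand-in used only so the script runs without the real sample; the field names and the helper functions are this example's own.

```python
"""Triage a suspect msdt.exe against the indicators listed in this report.

Added example (not from the scan page): hash comparison plus a minimal PE
header walk to compare the entry-point RVA and its first bytes. Stdlib only.
"""
import hashlib
import struct
import sys
from datetime import datetime, timezone

# Indicators copied from the report above.
IOC_HASHES = {
    "md5": "bd48ba9ef9dafbfddf1bd5ef3b9a1f74",
    "sha1": "bd0b4a5195896e686810ea5b3ee12d30fe236bb9",
    "sha256": "5283a45c682ed278c47b59d5d3e6267d29c60828b9d242c923152e58f1eb8d51",
}
IOC_ENTRY_RVA = 0x6B08
# First 26 bytes of the listed entry point (mov [rsp+10h],rbx ... sub rsp,8B0h).
IOC_ENTRY_BYTES = bytes.fromhex(
    "48895c2410" "4889742418" "55" "488dac2450f8ffff" "4881ecb0080000"
)
IMAGE_FILE_MACHINE_AMD64 = 0x8664
PE32PLUS_MAGIC = 0x20B


def file_hashes(data: bytes) -> dict:
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}


def parse_pe(data: bytes) -> dict:
    """Minimal PE header walk: COFF header, optional header magic/entry, section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsect, stamp, _, _, opt_size, _ = struct.unpack_from(
        "<HHIIIHH", data, pe_off + 4)
    opt_off = pe_off + 24                 # 4-byte signature + 20-byte COFF header
    magic = struct.unpack_from("<H", data, opt_off)[0]
    entry_rva = struct.unpack_from("<I", data, opt_off + 16)[0]  # AddressOfEntryPoint
    sections = []
    for i in range(nsect):
        name, vsize, va, raw_size, raw_ptr = struct.unpack_from(
            "<8sIIII", data, opt_off + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"),
                         vsize, va, raw_size, raw_ptr))
    return {"machine": machine, "magic": magic, "timestamp": stamp,
            "entry_rva": entry_rva, "sections": sections}


def rva_to_offset(sections, rva: int):
    """Map an RVA to a file offset through the section containing it (None if unmapped)."""
    for _, vsize, va, raw_size, raw_ptr in sections:
        if va <= rva < va + max(vsize, raw_size):
            return rva - va + raw_ptr
    return None


def triage(data: bytes) -> dict:
    hashes = file_hashes(data)
    pe = parse_pe(data)
    off = rva_to_offset(pe["sections"], pe["entry_rva"])
    entry = data[off:off + len(IOC_ENTRY_BYTES)] if off is not None else b""
    stamp = datetime.fromtimestamp(pe["timestamp"], tz=timezone.utc).isoformat()
    return {
        # A hash hit is the authoritative match; all three hashes describe one file.
        "hash_match": any(hashes[k] == v for k, v in IOC_HASHES.items()),
        "is_win64": pe["machine"] == IMAGE_FILE_MACHINE_AMD64 and pe["magic"] == PE32PLUS_MAGIC,
        "compile_timestamp": stamp,
        "entry_rva": pe["entry_rva"],
        "entry_rva_match": pe["entry_rva"] == IOC_ENTRY_RVA,
        # Entry bytes alone are a weak signal: this is a generic MSVC x64 CRT prologue.
        "entry_bytes_match": entry == IOC_ENTRY_BYTES,
    }


def build_sample_pe(entry_rva: int, entry_bytes: bytes, timestamp: int = 0) -> bytes:
    """Constructed minimal PE32+ image for offline demonstration; NOT the real sample."""
    text_va, text_raw = 0x1000, 0x200
    raw_size = -(-(entry_rva - text_va + len(entry_bytes)) // 0x200) * 0x200
    dos = bytearray(0x40); dos[:2] = b"MZ"; struct.pack_into("<I", dos, 0x3C, 0x40)
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_AMD64, 1, timestamp, 0, 0, 240, 0x22)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC)
    struct.pack_into("<I", opt, 16, entry_rva)
    sect = struct.pack("<8sIIIIIIHHI", b".text", raw_size, text_va, raw_size, text_raw,
                       0, 0, 0, 0, 0x60000020)
    hdr = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sect
    body = bytearray(b"\xcc" * raw_size)      # int3 filler around the entry stub
    body[entry_rva - text_va:entry_rva - text_va + len(entry_bytes)] = entry_bytes
    return hdr.ljust(text_raw, b"\0") + bytes(body)


if __name__ == "__main__":
    # Usage: python triage_msdt.py <path-to-suspect-file>; no argument runs the constructed sample.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else \
        build_sample_pe(IOC_ENTRY_RVA, IOC_ENTRY_BYTES, 1093280037)
    for k, v in triage(blob).items():
        print(f"{k:18} {v}")
```

On a Windows host the natural complement is to run this against every msdt.exe outside %SystemRoot%\System32 and to check the Authenticode signature of any copy found (Get-AuthenticodeSignature in PowerShell); the genuine tool is Microsoft-signed, and the AppData copy in this report would not be.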


While executing in live (sandbox) environments, the file was observed making the following network connections. Most destinations are shared cloud and CDN infrastructure (Amazon CloudFront and S3, and Google front-ends under 1e100.net), so these hostnames and IPs are not usable as blocking indicators on their own; a process launched from the AppData path listed above that reaches any of them is the stronger detection pivot.

Protocol         Host                                           Destination
TCP (HTTP)       server-54-230-87-192.lax3.r.cloudfront.net     54.230.87.192:80
TCP (HTTP)       server-54-230-85-190.lax3.r.cloudfront.net     54.230.85.190:80
TCP (HTTP)       server-54-230-84-198.lax3.r.cloudfront.net     54.230.84.198:80
TCP (HTTP)       server-54-230-84-162.lax3.r.cloudfront.net     54.230.84.162:80
TCP (HTTP)       server-205-251-203-28.lax3.r.cloudfront.net    205.251.203.28:80
TCP (HTTP)       server-205-251-203-135.lax3.r.cloudfront.net   205.251.203.135:80
TCP (HTTP)       server-205-251-203-132.lax3.r.cloudfront.net   205.251.203.132:80
TCP (HTTP)       s3-1-w.amazonaws.com                           176.32.97.225:80
TCP (HTTP)       presentation-sjc2.turn.com                     69.194.244.11:80
TCP (HTTP)       pc-in-f95.1e100.net                            74.125.28.95:80
TCP (HTTP)       par10s10-in-f31.1e100.net                      173.194.40.159:80
TCP (HTTP)       pa-in-f95.1e100.net                            74.125.25.95:80
TCP (HTTP)       media.sj2.vcmedia.com                          64.156.167.95:80
TCP (HTTP SSL)   lax17s02-in-f3.1e100.net                       74.125.224.67:443
TCP (HTTP)       lax17s02-in-f16.1e100.net                      74.125.224.80:80
TCP (HTTP)       lax17s02-in-f13.1e100.net                      74.125.224.77:80
TCP (HTTP)       lax04s09-in-f25.1e100.net                      74.125.239.25:80
TCP (HTTP)       lax04s09-in-f23.1e100.net                      74.125.239.23:80
TCP (HTTP)       lax02s20-in-f27.1e100.net                      74.125.224.155:80
TCP (HTTP)       lax02s19-in-f2.1e100.net                       74.125.224.98:80

Powered by Reason Core Security