nonagricultural.exe

ten

The application nonagricultural.exe has been detected as a potentially unwanted program by 2 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler named 37942755 triggered to execute each time a user logs in.
Product:
ten

Version:
1.0.0.0

MD5:
2bac5ecb1010cb5d2ca223b5b99b6f25

SHA-1:
d6815f0879d65246fcba83115b0ec6dc064a29b4

SHA-256:
2c8dce5d4b0e47e86454bac4333caca81ea45d80da0f452932a8c29ac44081c4

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 3:10:24 AM UTC

Scan engine | Detection | Engine version
ESET NOD32 | MSIL/Adware.Dotdo.AP application | 6.3.12010.0
Reason Heuristics | Adware.Dotdo.ET (M) | 17.2.6.17

File size:
10.5 KB (10,752 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2016

Original file name:
nonagricultural.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\astrolabe\nonagricultural.exe

File PE Metadata
Compilation timestamp:
12/25/2016 1:21:20 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

Entry address:
0x3F2E

Entry point:
FF, 25, 3C, 3F, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 10, 3F, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 60, 65, 5F, 58, 00, 00, 00, 00, 02, 00, 00, 00, 5B, 00, 00, 00, 60, 3F, 00, 00, 60, 21, 00, 00, 52, 53, 44, 53, 40, A7, 45, 2E, 70, EC, AD, 48, B4, C8, DE, 20, 81, F4, D1, EA, 01, 00, 00, 00, 43, 3A, 5C, 55, 73, 65, 72, 73, 5C, 41, 64, 6D, 69, 6E, 69, 73, 74, 72, 61, 74, 6F, 72, 5C, 44, 65, 73, 6B, 74, 6F, 70, 5C, 6E, 6F, 6E, 61, 67, 72, 69, 63, 75, 6C, 74, 75, 72, 61, 6C, 5C, 6E, 6F, 6E, 61, 67, 72, 69...

Entropy:
4.3748

Code size:
8 KB (8,192 bytes)

Scheduled Task
Task name:
37942755

Trigger:
Logon (Runs on logon)

Description:
3794275537942755
The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to static.hosted-by.miamidedicated.com  (162.222.193.86:80)

TCP (HTTP):
Connects to hosted-by.instantdedicated.com  (188.95.50.96:80)

TCP (HTTP):
Connects to rock4.rocketeasy.com.br  (162.222.194.11:80)

TCP (HTTP):
Connects to eb.83.1732.ip4.static.sl-reverse.com  (50.23.131.235:80)

TCP (HTTP):
Connects to cdce.acs006.internap.com  (64.74.126.13:80)

TCP (HTTP):
Connects to ec2-54-86-195-49.compute-1.amazonaws.com  (54.86.195.49:80)

TCP (HTTP):
Connects to ec2-52-204-51-212.compute-1.amazonaws.com  (52.204.51.212:80)

TCP (HTTP):
Connects to ec2-52-204-11-163.compute-1.amazonaws.com  (52.204.11.163:80)

TCP (HTTP):
Connects to ec2-52-203-229-152.compute-1.amazonaws.com  (52.203.229.152:80)

TCP (HTTP SSL):
Connects to a104-118-223-236.deploy.static.akamaitechnologies.com  (104.118.223.236:443)

TCP (HTTP):
Connects to 46.c8.c0ad.ip4.static.sl-reverse.com  (173.192.200.70:80)

TCP (HTTP):
Connects to ec2-52-87-219-72.compute-1.amazonaws.com  (52.87.219.72:80)

TCP (HTTP SSL):
Connects to ec2-52-203-242-54.compute-1.amazonaws.com  (52.203.242.54:443)

TCP (HTTP):
Connects to ec2-52-202-159-191.compute-1.amazonaws.com  (52.202.159.191:80)

TCP (HTTP):
Connects to ec2-34-194-23-195.compute-1.amazonaws.com  (34.194.23.195:80)

TCP (HTTP):
Connects to e1.ycpi.vip.cha.yahoo.com  (216.115.96.177:80)

TCP (HTTP):
Connects to ec2-52-6-82-141.compute-1.amazonaws.com  (52.6.82.141:80)

Remove nonagricultural.exe - Powered by Reason Core Security