Notification.exe

Notification

Qtrax Inc

The application Notification.exe by Qtrax Inc has been detected as a potentially unwanted program by 2 anti-malware scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘QtraxNotification’. While running, it connects to the Internet address server-54-230-81-22.mia50.r.cloudfront.net on port 80 using the HTTP protocol.
Publisher:
Qtrax Inc  (signed and verified)

Product:
Notification

Version:
1.0.0.0

MD5:
5fcdf9a713a70c9c365182948eca9952

SHA-1:
40c7948a51037613ce62a3d647873386a81846b5

SHA-256:
3fb1c2f3af4ed110438d3d9cc4be75edbbdaf4361d6531360e9b283ab7fb9172

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
12/27/2024 8:34:40 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Optional.Startup.Qtrax.M
14.2.16.6

Trend Micro House Call
TROJ_GEN.F47V0701
7.2.358

File size:
77.3 KB (79,144 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2013

Original file name:
Notification.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\admin\qtrax\player\notification.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
7/31/2012 10:51:42 PM

Valid to:
5/15/2014 1:39:01 AM

Subject:
CN=Qtrax Inc, O=Qtrax Inc, L=New York, S=NY, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2B85B70415878A

File PE Metadata
Compilation timestamp:
6/21/2013 4:15:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:ygUIUvuhp/ie6aasIKwvuhp/ie6aasIKZY4C9XL:ygUIwmgkIKcmgkIKZY4C9X

Entry address:
0x13CAE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
71.5 KB (73,216 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
QtraxNotification

Command:
C:\users\admin\qtrax\player\notification.exe


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-54-192-14-187.ams1.r.cloudfront.net  (54.192.14.187:80)

TCP (HTTP):
Connects to server-54-192-3-194.lhr5.r.cloudfront.net  (54.192.3.194:80)

TCP (HTTP):
Connects to server-54-230-5-128.dfw3.r.cloudfront.net  (54.230.5.128:80)

TCP (HTTP):
Connects to server-54-230-5-74.dfw3.r.cloudfront.net  (54.230.5.74:80)

TCP (HTTP):
Connects to server-54-192-130-91.ams50.r.cloudfront.net  (54.192.130.91:80)

TCP (HTTP):
Connects to server-52-84-246-91.sfo20.r.cloudfront.net  (52.84.246.91:80)

TCP (HTTP):
Connects to server-54-230-122-130.dfw50.r.cloudfront.net  (54.230.122.130:80)

TCP (HTTP):
Connects to server-54-230-5-243.dfw3.r.cloudfront.net  (54.230.5.243:80)

TCP (HTTP):
Connects to server-54-192-130-156.ams50.r.cloudfront.net  (54.192.130.156:80)

TCP (HTTP):
Connects to server-54-230-5-142.dfw3.r.cloudfront.net  (54.230.5.142:80)

TCP (HTTP):
Connects to server-54-192-130-79.ams50.r.cloudfront.net  (54.192.130.79:80)

TCP (HTTP):
Connects to server-54-230-5-157.dfw3.r.cloudfront.net  (54.230.5.157:80)

TCP (HTTP):
Connects to server-54-230-5-101.dfw3.r.cloudfront.net  (54.230.5.101:80)

TCP (HTTP):
Connects to server-54-230-5-186.dfw3.r.cloudfront.net  (54.230.5.186:80)

TCP (HTTP):
Connects to server-54-230-5-108.dfw3.r.cloudfront.net  (54.230.5.108:80)

TCP (HTTP):
Connects to server-54-230-122-234.dfw50.r.cloudfront.net  (54.230.122.234:80)

TCP (HTTP):
Connects to server-52-84-246-244.sfo20.r.cloudfront.net  (52.84.246.244:80)

TCP (HTTP):
Connects to server-54-230-5-75.dfw3.r.cloudfront.net  (54.230.5.75:80)

TCP (HTTP):
Connects to server-54-230-5-53.dfw3.r.cloudfront.net  (54.230.5.53:80)

TCP (HTTP):
Connects to server-54-230-5-204.dfw3.r.cloudfront.net  (54.230.5.204:80)

Remove Notification.exe - Powered by Reason Core Security