per7c77.tmp

The file per7c77.tmp has been detected as a potentially unwanted program by 5 anti-malware scanners. While running, it connects to the Internet address server-54-192-75-30.hkg50.r.cloudfront.net on port 80 using the HTTP protocol.
Version:
1.0.0.11

MD5:
9c8ee1a72f304aad4e4b8be84d2971df

SHA-1:
71262727fadc45f91583eb3f4080b75125ae15ae

SHA-256:
4c8a20f6614ce21f5df706133e35d19f3bc5c3ba82e19408b215cc40ee4d182a

Scanner detections:
5 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 5:38:03 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Evo-gen [Susp]
2014.9-170202

Kaspersky
HEUR:Trojan.Win32.Generic
14.0.0.-1108

Qihoo 360 Security
HEUR/QVM10.1.0000.Malware.Gen
1.0.0.1120

Reason Heuristics
PUP.ConvertAd (M)
17.2.2.12

Rising Antivirus
Malware.Heuristic!ET#90% (rdm+)
23.00.65.17131

File size:
378 KB (387,072 bytes)

Product version:
1.0.0.11

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\per7c77.tmp

File PE Metadata
Compilation timestamp:
2/2/2017 8:09:22 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
14.0

Entry address:
0x267C8

Entry point:
E8, 4E, 05, 00, 00, E9, 87, FE, FF, FF, FF, 25, 90, 32, 44, 00, 8B, 4D, F4, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, F2, C3, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, 70, A0, 45, 00, 33, C5, 50, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, F2, C3, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, 70, A0, 45, 00, 33, C5, 50, 89, 65, F0, FF, 75, FC, C7, 45...
 
[+]

Entropy:
6.5607

Code size:
261 KB (267,264 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-54-192-75-30.hkg50.r.cloudfront.net  (54.192.75.30:80)

TCP (HTTP):
Connects to server-54-192-129-163.ams50.r.cloudfront.net  (54.192.129.163:80)

Remove per7c77.tmp - Powered by Reason Core Security