Policies.exe

Policies

The application Policies.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Product:
Policies

Version:
16.10.1.1

MD5:
9aaacb05eb0446e7c5ca9a89e188ee25

SHA-1:
8da08a896258b03b70a0617b9bc7a72eb793cd32

SHA-256:
14cfd16fa83111ebb3d133901508d73ee53c859d894880895cf53e9c2c3fb441

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 5:50:41 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.HahoMedia.Policies (M)

Engine version:
16.10.24.13

File size:
14.5 KB (14,848 bytes)

Product version:
16.10.1.1

Copyright:
Copyright © 2015

Original file name:
Policies.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\windows\syswow64\policies\161011\policies.exe

File PE Metadata
Compilation timestamp:
10/22/2016 4:13:38 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
384:2rFC35ncXcK9aiEPGLbL9PRt8DbAXoBX:2Fk9gzLf9PRt8QXAX

Entry address:
0x507E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
4.7523

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
12.5 KB (12,800 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ns517373.ip-158-69-27.net  (158.69.27.205:80)

TCP (HTTP):
Connects to a95-101-72-218.deploy.akamaitechnologies.com  (95.101.72.218:80)

TCP (HTTP):
Connects to a95-100-170-81.deploy.akamaitechnologies.com  (95.100.170.81:80)

TCP (HTTP):
Connects to static.vnpt.vn  (113.171.230.112:80)

TCP (HTTP):
Connects to static.khi77.pie.net.pk  (221.120.207.55:80)

TCP (HTTP):
Connects to ibncloud.xl.co.id  (112.215.105.153:80)

TCP (HTTP):
Connects to a184-28-218-104.deploy.static.akamaitechnologies.com  (184.28.218.104:80)
