PrivacyDR.exe

EuroTrade Ltd

The application PrivacyDR.exe by EuroTrade has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a scheduled task under the Windows Task Scheduler triggered to execute each time a user logs in. While running, it connects to the Internet address s1.7500.biz on port 80 using the HTTP protocol.
Publisher:
Privacy DR  (signed by EuroTrade Ltd)

Product:
Privacy DR

Version:
2.6.7.0

MD5:
57051edd843ce18d687cd7a2d21e8138

SHA-1:
dcf1e493c21396da3059f02dede7e377c8251713

SHA-256:
bf033188c23b3a1ea5da3d49f5f5ca7abb50ec81296cc494019481048c8ad2dd

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/28/2024 3:28:30 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.EuroTrade.RegClean.Optional.Meta (L)
15.8.26.16

File size:
4.6 MB (4,823,424 bytes)

Product version:
2.6.7.0

Copyright:
Copyright © 2015

Original file name:
PrivacyDR.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\privacy dr\privacydr.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
11/2/2014 5:00:00 PM

Valid to:
11/3/2015 4:59:59 PM

Subject:
CN=EuroTrade Ltd, O=EuroTrade Ltd, STREET=Izik Shtern 1, L=Tel Aviv, S=Hamerkaz, PostalCode=62153, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
009B1A22ADB93727A6986684C4D58CF9BC

File PE Metadata
Compilation timestamp:
3/24/2015 8:34:33 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
49152:1e4cMMx4m+mpmxmymymNmymIxtZZK4wVD51FlV0SRcmymymmmymymymdmymPi1xK:s4cMM/ZZK4IjhPOi2

Entry address:
0x48929E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
6.3749

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
4.5 MB (4,748,288 bytes)

Scheduled Task
Task name:
PrivacyDR_Start

Trigger:
Logon (Runs on logon)


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to s1.7500.biz  (37.187.171.44:80)

Remove PrivacyDR.exe - Powered by Reason Core Security