prostatic.exe

Prostatic

The application prostatic.exe has been detected as a potentially unwanted program by 4 anti-malware scanners. It runs as a Windows Task Scheduler task named 21834765, triggered to execute each time a user logs in. According to AVG, this software downloads additional adware offers during setup. While running, it connects to the Internet address 198-178-124-148.static.hvvc.us on port 80 using the HTTP protocol.
Publisher:
Prostatic

Product:
Prostatic

Version:
2.6.9.184

MD5:
ed76fbeff17b6f965bfe3ee3d0ec8106

SHA-1:
1f379d6dd7dc2e473b84621e765f31c4dab5cadf

SHA-256:
838666f903db5f3052856d18545e2883d39bffa397646a979ba59a97b872d702

Scanner detections:
4 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 3:18:38 AM UTC

Scan engine
Detection
Engine version

AVG
Potentially harmful program Downloader.BKTQ
2013.0.4756

Dr.Web
Adware.Dotdo.139
9.0.1.05190

ESET NOD32
MSIL/Adware.Dotdo.AP application
6.3.12010.0

Reason Heuristics
Adware.Dotdo.DB (M)
17.3.4.22

File size:
11.5 KB (11,776 bytes)

Product version:
2.6.9.184

Copyright:
Copyright © Prostatic 2017

Trademarks:
© 2017 Prostatic

Original file name:
prostatic.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\idiots\prostatic.exe

File PE Metadata
Compilation timestamp:
2/26/2017 10:28:00 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

Entry address:
0x40FE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
4.0261

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
8.5 KB (8,704 bytes)

Scheduled Task
Task name:
21834765

Trigger:
Logon (Runs on logon)

Description:
2183476521834765


The executing file has been seen to make the following network communications in live environments.

