scrubbing.exe

Scrubbing

The application scrubbing.exe has been detected as a potentially unwanted program by 2 anti-malware scanners. It runs as a Windows Task Scheduler task named 10898462, triggered to execute each time a user logs in. While running, it connects to the Internet address 46.c8.c0ad.ip4.static.sl-reverse.com on port 80 using the HTTP protocol.
Publisher:
Scrubbing

Product:
Scrubbing

Version:
5.9.5.1

MD5:
a20ef19744e2dad1e689c76aaf673508

SHA-1:
8572adfb74dd026b55ca891f0a8a1d21d871d850

SHA-256:
0374125c509cda5acd74bc466bfd872f7f89df76a8eab285a0665e23b2f4a49d

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
12/24/2024 4:24:36 AM UTC

Scan engine | Detection | Engine version
ESET NOD32 | MSIL/Adware.Dotdo.AP application | 6.3.12010.0
Reason Heuristics | Adware.Dotdo.ET (M) | 17.2.26.7

File size:
10 KB (10,240 bytes)

Product version:
5.9.5.1

Copyright:
Copyright © Scrubbing 2017

Trademarks:
© 2017 Scrubbing

Original file name:
scrubbing.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\scrubbing.exe

File PE Metadata
Compilation timestamp:
2/5/2017 4:22:40 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

Entry address:
0x3D4E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
4.2982

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
7.5 KB (7,680 bytes)

Scheduled Task
Task name:
10898462

Trigger:
Logon (Runs on logon)

Description:
1089846210898462


The executing file has been seen making network communications in live environments.

