spd.exe

ADV Publishing

The application spd.exe by ADV Publishing has been flagged as a potentially unwanted program (PUP) by 1 of the 68 anti-malware scanners used, and that single detection is heuristic ("PUP.ADVPublishing"), not a signature match; treat the verdict as an indicator to investigate rather than proof that the file is malicious. The program persists as a Windows Task Scheduler task that runs at every user logon. While running, it has been observed connecting over port 443 to 8c.14.9905.ip4.static.sl-reverse.com (a generic reverse-DNS name for a hosting provider's static IP, not a name under the publisher's control), among the other hosts listed below. The file carries a DigiCert-issued code-signing signature, but the signing certificate expired on 9/20/2017, so a signature that still verifies at the 2024 analysis date depends on a timestamp countersignature; confirm that one is present before relying on the "signed and verified" status.
Publisher:
ADV Publishing  (signed and verified)

MD5:
65af5c3c594140daedba7822247d86f6

SHA-1:
1860dd57e31e849817415d195d3a965b00467245

SHA-256:
daab833e835412a7ed16477d4f43713fffadf9b43fb9af25106efe507a9b0bd4

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/27/2024 7:20:29 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.ADVPublishing (M)

Engine version:
15.8.26.10

File size:
2.1 MB (2,197,280 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\spd\bin\spd.exe

Digital Signature
Signed by:
ADV Publishing
Authority:
DigiCert Inc

Valid from:
7/14/2015 3:00:00 AM

Valid to:
9/20/2017 3:00:00 PM

Subject:
CN=ADV Publishing, O=ADV Publishing, L=West Hollywood, S=California, C=US

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0D3EE7D0C318767DCA11A80A3452B8C4

File PE Metadata
Compilation timestamp:
7/28/2015 10:35:37 AM

OS version:
5.1  (minimum OS version from the PE optional header; corresponds to Windows XP)

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0  (Microsoft linker shipped with Visual Studio 2013)

CTPH (ssdeep):
49152:33rP4QeNTS9Pk+z0SmFNel8kp/nNTtouA8Bd3SKgzR5Q:LAQWTIPk+z0lFNGx3V

Entry address:
0x134392

Entry point:
E8, 96, 33, 01, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 51, 51, 8D, 45, F8, 50, FF, 15, A0, F0, 57, 00, 8B, 4D, F8, 8B, 45, FC, 81, C1, 00, 80, C1, 2A, 6A, 00, 68, 80, 96, 98, 00, 15, 21, 4E, 62, FE, 50, 51, E8, D6, 28, 00, 00, 85, D2, 7C, 0F, 7F, 07, 3D, 7F, D2, FF, 7F, 76, 06, 83, C8, FF, 89, 45, FC, 8B, 4D, 08, 85, C9, 74, 02, 89, 01, 8B, E5, 5D, C3, CC, CC, CC, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA...

Entropy:
6.7254

Code size:
1.5 MB (1,562,112 bytes)

Scheduled Task
Task name:
SPD

Path:
\SPD\SPD\SPD

Trigger:
Logon (Runs on logon)
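The following PowerShell script is an added triage example and is not part of the Reason Core report. It checks whether a local copy of spd.exe matches the hashes listed above, inspects the Authenticode signature (including whether a timestamp countersignature exists, which matters because the signing certificate expired in 2017), and inspects the logon-triggered task \SPD\SPD\SPD. The hashes, certificate serial number and task path are taken from this page; the install path in $Path is the "Common path" above and is an assumption for any given machine.

```powershell
# Added triage script (not part of the Reason Core report). Verifies a local copy of
# spd.exe against the report's hashes, inspects its Authenticode signature, and
# inspects the logon-triggered scheduled task. $Path is an assumption (the report's
# "Common path"); adjust it if the program is installed elsewhere.

$Path     = 'C:\Program Files\spd\bin\spd.exe'
$Expected = @{
    MD5    = '65af5c3c594140daedba7822247d86f6'
    SHA1   = '1860dd57e31e849817415d195d3a965b00467245'
    SHA256 = 'daab833e835412a7ed16477d4f43713fffadf9b43fb9af25106efe507a9b0bd4'
}
$ExpectedSerial = '0D3EE7D0C318767DCA11A80A3452B8C4'

if (-not (Test-Path -LiteralPath $Path)) {
    Write-Warning "$Path not found; the file may be installed elsewhere"
    return
}

# 1. Hashes: a mismatch means the local file is a different build than the one analysed.
foreach ($alg in $Expected.Keys) {
    $h  = (Get-FileHash -LiteralPath $Path -Algorithm $alg).Hash
    $ok = $h -ieq $Expected[$alg]
    '{0,-6} {1}  {2}' -f $alg, $h, $(if ($ok) { 'MATCH' } else { 'MISMATCH' })
}

# 2. Signature: the certificate expired 9/20/2017, so a 'Valid' status today relies
#    on a timestamp countersignature. Warn if none is present.
$sig = Get-AuthenticodeSignature -LiteralPath $Path
"Signature status : $($sig.Status)"
if ($sig.SignerCertificate) {
    $c = $sig.SignerCertificate
    "Subject          : $($c.Subject)"
    "Serial           : $($c.SerialNumber)  (report: $ExpectedSerial)"
    "Valid            : $($c.NotBefore) -> $($c.NotAfter)"
    if ($c.SerialNumber.TrimStart('0') -ine $ExpectedSerial.TrimStart('0')) {
        Write-Warning 'Signing certificate differs from the one in the report'
    }
    if ($sig.TimeStamperCertificate) {
        "Timestamped by   : $($sig.TimeStamperCertificate.Subject)"
    } else {
        Write-Warning 'No timestamp countersignature: do not rely on the signature past certificate expiry'
    }
}

# 3. Persistence: the logon-triggered task \SPD\SPD\SPD (folder \SPD\SPD\, task name SPD).
$task = Get-ScheduledTask -TaskPath '\SPD\SPD\' -TaskName 'SPD' -ErrorAction SilentlyContinue
if ($task) {
    "Task state       : $($task.State)"
    foreach ($a in $task.Actions)  { "Action           : $($a.Execute) $($a.Arguments)" }
    foreach ($t in $task.Triggers) { "Trigger          : $($t.CimClass.CimClassName)" }
    # Removal is the analyst's decision; this removes the persistence only, not the file:
    # Unregister-ScheduledTask -TaskPath '\SPD\SPD\' -TaskName 'SPD' -Confirm:$false
} else {
    'Scheduled task \SPD\SPD\SPD not present'
}
```

Run it from an elevated PowerShell prompt on the host in question. A hash mismatch means the report does not describe the file you have and its signature and behaviour should be assessed independently; a task whose Action points somewhere other than the common path above is worth a closer look.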


The executing file has been observed making the following network connections in live environments. Many of the destinations are shared infrastructure (Microsoft hosts under msedge.net, msn.com and 1drv.com; Akamai CDN nodes; AWS EC2 instances whose hostnames are generic reverse-DNS names), so an individual host in this list is not a malicious indicator on its own; what merits investigation is the combination of logon persistence with traffic to hosting-provider IPs that carry no publisher-controlled name.

TCP (HTTP SSL):
Connects to a-0011.a-msedge.net  (204.79.197.213:443)

TCP (HTTP SSL):
Connects to ec2-52-28-192-217.eu-central-1.compute.amazonaws.com  (52.28.192.217:443)

TCP (HTTP SSL):
Connects to msnbot-157-55-109-230.search.msn.com  (157.55.109.230:443)

TCP (HTTP SSL):
Connects to ec2-54-69-171-209.us-west-2.compute.amazonaws.com  (54.69.171.209:443)

TCP (HTTP SSL):
Connects to ec2-52-28-188-124.eu-central-1.compute.amazonaws.com  (52.28.188.124:443)

TCP (HTTP SSL):
Connects to ec2-52-27-241-27.us-west-2.compute.amazonaws.com  (52.27.241.27:443)

TCP (HTTP):
Connects to ec2-52-16-144-184.eu-west-1.compute.amazonaws.com  (52.16.144.184:80)

TCP (HTTP SSL):
Connects to cweb34.collegeboard.com  (209.48.35.222:443)

TCP (HTTP SSL):
Connects to collegeboard.org.ssl.d1.sc.omtrdc.net  (66.235.149.2:443)

TCP (HTTP SSL):
Connects to by3301-g.1drv.com  (134.170.108.96:443)

TCP (HTTP SSL):
Connects to bn2b-cor002.api.p001.1drv.com  (131.253.14.227:443)

TCP (HTTP SSL):
Connects to bam-4.nr-data.net  (50.31.164.174:443)

TCP (HTTP SSL):
Connects to b3.89.32a9.ip4.static.sl-reverse.com  (169.50.137.179:443)

TCP (HTTP SSL):
Connects to a92-123-180-57.deploy.akamaitechnologies.com  (92.123.180.57:443)

TCP (HTTP SSL):
Connects to a92-123-180-16.deploy.akamaitechnologies.com  (92.123.180.16:443)

TCP (HTTP SSL):
Connects to a104-107-61-90.deploy.static.akamaitechnologies.com  (104.107.61.90:443)

TCP (HTTP SSL):
Connects to 8c.14.9905.ip4.static.sl-reverse.com  (5.153.20.140:443)

TCP (HTTP):
Connects to 67.1d.7e4b.ip4.static.sl-reverse.com  (75.126.29.103:80)

TCP (HTTP):
Connects to 64.1d.7e4b.ip4.static.sl-reverse.com  (75.126.29.100:80)
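The following PowerShell script is an added example, not part of the Reason Core report. It lists the TCP connections currently owned by a running spd.exe, flags those whose remote address appears in the list above, and searches the local DNS client cache for entries that resolved to any of those addresses. The IP list is copied from this page; the process name spd and the use of the DNS cache as a proxy for "what name did the client actually resolve" are assumptions. Note that the sl-reverse.com, amazonaws.com and akamaitechnologies.com names above are reverse-DNS (PTR) names for the IPs, not the names the program looked up, which is why the cache is searched by address rather than by those hostnames.

```powershell
# Added example (not part of the Reason Core report). Correlates live TCP connections
# of spd.exe with the remote IPs listed in the report, and checks the DNS client cache
# for forward names that resolved to those IPs. Process name 'spd' is assumed.

$ReportIPs = @(
    '204.79.197.213','52.28.192.217','157.55.109.230','54.69.171.209',
    '52.28.188.124','52.27.241.27','52.16.144.184','209.48.35.222',
    '66.235.149.2','134.170.108.96','131.253.14.227','50.31.164.174',
    '169.50.137.179','92.123.180.57','92.123.180.16','104.107.61.90',
    '5.153.20.140','75.126.29.103','75.126.29.100'
)

# 1. Connections owned by spd.exe; those to report IPs are flagged IN-REPORT.
$pids = @(Get-Process -Name 'spd' -ErrorAction SilentlyContinue | Select-Object -ExpandProperty Id)
if ($pids.Count -eq 0) { 'spd.exe is not running; no live connections to inspect' }
$conns = Get-NetTCPConnection -ErrorAction SilentlyContinue |
    Where-Object { $pids -contains $_.OwningProcess }
foreach ($c in $conns) {
    $flag = if ($ReportIPs -contains $c.RemoteAddress) { 'IN-REPORT' } else { '' }
    '{0,-15} -> {1,-15}:{2,-5} {3,-12} {4}' -f $c.LocalAddress, $c.RemoteAddress, $c.RemotePort, $c.State, $flag
}

# 2. DNS cache: which forward names on this host resolved to the report's IPs.
#    A hit shows something on the host resolved that name recently, not necessarily spd.exe.
$hits = Get-DnsClientCache -ErrorAction SilentlyContinue |
    Where-Object { $ReportIPs -contains $_.Data }
if ($hits) {
    foreach ($h in $hits) { 'DNS cache: {0} -> {1}' -f $h.Entry, $h.Data }
} else {
    'No DNS cache entries resolve to a report IP'
}
```

Get-NetTCPConnection and Get-DnsClientCache require Windows 8 / Server 2012 or later. Because the report's IPs include shared CDN and cloud addresses, a connection flagged IN-REPORT is only meaningful when it belongs to spd.exe itself, which is why the connection list is filtered by owning process before matching.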

Remove spd.exe - Powered by Reason Core Security