subarctic.exe

Subarctic

The application subarctic.exe has been detected as a potentially unwanted program by 2 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler named 33792230 triggered to execute each time a user logs in. While running, it connects to the Internet address 198-178-124-244.static.hvvc.us on port 80 using the HTTP protocol.
Publisher:
Subarctic

Product:
Subarctic

Version:
9.4.2.153

MD5:
61850fc8395af9a4d7a7eb439ddbab1b

SHA-1:
8dd9d3789c0ba289232b24c5aea7ba6950a448f7

SHA-256:
52e0df0f9c850249cee64ee56852e80f1885443fb7dbe62a481c18b6f5bc0eaf

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
11/6/2024 8:37:37 AM UTC

Scan engine / Detection / Engine version

ESET NOD32:
MSIL/Adware.Dotdo.AP application (engine version 6.3.12010.0)

Reason Heuristics:
Adware.Dotdo.ET (M) (engine version 17.2.17.4)

File size:
8.5 KB (8,704 bytes)

Product version:
9.4.2.153

Copyright:
Copyright © Subarctic 2017

Trademarks:
© 2017 Subarctic

Original file name:
subarctic.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\monarch\subarctic.exe

File PE Metadata
Compilation timestamp:
1/24/2017 9:05:55 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

Entry address:
0x35AE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 10, 00, 00, 00, 20, 00, 00, 80, 18, 00, 00, 00, 38, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
4.2942

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
5.5 KB (5,632 bytes)

Scheduled Task
Task name:
33792230

Trigger:
Logon (Runs on logon)

Description:
3379223033792230
The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to static.hosted-by.miamidedicated.com  (162.222.193.86:80)

TCP (HTTP):
Connects to server-52-85-133-100.iad53.r.cloudfront.net  (52.85.133.100:80)

TCP (HTTP):
Connects to px-acs001.quantserve.com.akadns.net  (66.150.48.51:80)

TCP (HTTP):
Connects to server-54-192-192-201.iad53.r.cloudfront.net  (54.192.192.201:80)

TCP (HTTP):
Connects to map2.hwcdn.net  (205.185.216.10:80)

TCP (HTTP):
Connects to lb-web.ustream.tv  (199.66.238.211:80)

TCP (HTTP):
Connects to hosted-by.instantdedicated.com  (188.95.50.62:80)

TCP (HTTP):
Connects to ec2-52-6-166-140.compute-1.amazonaws.com  (52.6.166.140:80)

TCP (HTTP):
Connects to ec2-52-20-16-126.compute-1.amazonaws.com  (52.20.16.126:80)

TCP (HTTP):
Connects to eb.83.1732.ip4.static.sl-reverse.com  (50.23.131.235:80)

TCP (HTTP):
Connects to 40.1e.2fa9.ip4.static.sl-reverse.com  (169.47.30.64:80)

TCP (HTTP):
Connects to 198-178-124-244.static.hvvc.us  (198.178.124.244:80)

TCP (HTTP):
Connects to 162-254-148-148.static.hvvc.us  (162.254.148.148:80)

Remove subarctic.exe - Powered by Reason Core Security