subprocess.exe

Social Club UI

Take-Two Interactive Software, Inc.

The file subprocess.exe has been detected as malware by 9 anti-virus scanners. While running, it connects to the Internet address unknown.servernap.com on port 443.
Publisher:
Take-Two Interactive Software, Inc.

Product:
Social Club UI

Version:
1.1.9.6

MD5:
86a681eaada489313903f808b4ef17da

SHA-1:
3181af578896e55c6ea4e7922861844faab5d555

SHA-256:
f7dc952387c4d167a3a4bb47c4047008296607800a02fe72dadfb28dc958538f

Scanner detections:
9 / 68

Status:
Malware

Analysis date:
11/27/2024 8:40:36 PM UTC

Scan engine           Detection                                 Engine version
Avira AntiVirus       TR/Dropper.Gen                            8.3.3.4
avast!                Win32:Evo-gen [Susp]                      2014.9-161222
Baidu Antivirus       Win32.Trojan.WisdomEyes.16070401.9500     4.0.3.161222
Dr.Web                Trojan.DownLoader23.22951                 9.0.1.0357
ESET NOD32            MSIL/Injector.QWI (variant)               10.14626
Fortinet FortiGate    MSIL/GenKryptik.JEA!tr                    12/22/2016
G Data                MSIL.Trojan.Injector.KC                   16.12.25
Kaspersky             HEUR:Trojan.Win32.Generic                 14.0.0.-897
Qihoo 360 Security    HEUR/QVM03.0.0000.Malware.Gen             1.0.0.1120

File size:
1.3 MB (1,340,032 bytes)

Product version:
1.1.9.6

Copyright:
Copyright (C) Take-Two Interactive Software, Inc.

Original file name:
subprocess.exe

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\unp146542.tmp

File PE Metadata
Compilation timestamp:
12/16/2016 12:48:57 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

Entry address:
0x1D5E7

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 00, 00, 00, 00, 03, 00, 03, 00, 00, 00, 28, 00, 00, 80, 0E, 00, 00, 00, 70, A6, 05, 80, 10, 00, 00, 00, 06, A7, 05, 80, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 00, 00, 00, 00, 06, 00, 01, 00, 00, 00, 68, 00, 00, 80, 02, 00, 00, 00, F4, 04, 00, 80, 03, 00, 00, 00, C0, 15, 00, 80, 04, 00, 00, 00, 8C, 3B, 00, 80, 05, 00, 00, 00, D8, 7D, 00, 80, 06, 00, 00, 00, 24, 86, 01...

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
109.5 KB (112,128 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP SSL):
Connects to unknown.servernap.com  (69.65.17.35:443)

Powered by Reason Core Security