swkuxpm2.exe

The application swkuxpm2.exe has been detected as a potentially unwanted program by 2 anti-malware scanners. It runs as a Windows service named “Content Video Camera”, hosted in its own process. The file has been seen being downloaded from livestatscounter.com.
MD5:
e1586348339162993effa2ef80d72117

SHA-1:
a58f0fd983665e56c94f1426d680530786986923

SHA-256:
affaac4f45f7325715d6e6b661cf058733d5fe58967cfc94c27d70bac3bc32fb

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
11/16/2024 1:26:06 AM UTC

Scan engine | Detection | Engine version
ESET NOD32 | Win32/Adware.ConvertAd.AKA application | 6.3.12010.0
Reason Heuristics | PUP.ConvertAd (M) | 17.2.16.1

File size:
396.5 KB (406,016 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Documents and Settings\{user}\Local settings\temporary internet files\content.ie5\{random}\swkuxpm2.exe

File PE Metadata
Compilation timestamp:
2/16/2017 7:56:13 AM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

Entry address:
0x2DE73

Entry point:
E8, E3, 05, 00, 00, E9, 8E, FE, FF, FF, 3B, 0D, D4, F0, 45, 00, F2, 75, 02, F2, C3, F2, E9, 66, 07, 00, 00, FF, 25, 58, 92, 44, 00, 8B, 4D, F4, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, F2, C3, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, D4, F0, 45, 00, 33, C5, 50, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, F2, C3, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B...
 

Entropy:
6.5796

Code size:
287.5 KB (294,400 bytes)

Service
Display name:
Content Video Camera

Service name:
tusidesy

Description:
Dual Core Dropped Connection

Type:
Win32OwnProcess


The file swkuxpm2.exe has been seen being distributed from the following URL.

https://livestatscounter.com/.../vsrv.php?sid=8add4871-86b4-43ff-a0d4-b02f6b4c57db

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-52-207-68-222.compute-1.amazonaws.com  (52.207.68.222:80)

TCP (HTTP):
Connects to ec2-54-83-176-117.compute-1.amazonaws.com  (54.83.176.117:80)

TCP (HTTP):
Connects to ec2-52-45-168-108.compute-1.amazonaws.com  (52.45.168.108:80)

TCP (HTTP):
Connects to ec2-52-6-149-47.compute-1.amazonaws.com  (52.6.149.47:80)
