tmp8b8e.exe

The executable tmp8b8e.exe has been flagged as malware by 1 of 68 anti-virus scanners, a single heuristic detection (Trojan.Kovter). A 1/68 heuristic hit is a low-confidence verdict, so corroborate it with the hashes below before acting on it. While running, it connects to the Internet address 62-210-250-215.rev.poneytelecom.eu on port 443.
MD5:
c998270532e26f1e61e3ddcc836b95d3

SHA-1:
313c9d4af4c6b558939e70ea46a7a75c42a19f31

SHA-256:
59c4971bd7c76246af911d35f5c897f07a3a4bc20454b961e565f3944297e2a8

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/23/2024 1:39:11 AM UTC

Scan engine:
Reason Heuristics

Detection:
Trojan.Kovter

Engine version:
17.2.18.23

File size:
114.8 KB (117,561 bytes)

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, China)

Common path:
C:\ProgramData\microsoft\performance\monitor\temp\tmp8b8e.exe

File PE Metadata
Compilation timestamp:
2/15/2014 9:57:40 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
4.0

Entry address:
0x5724

First bytes of file (labelled "Entry point" by the scanner, but this is the DOS header at offset 0, beginning with the MZ signature and the "This program cannot be run in DOS mode" stub, not the code at entry address 0x5724, which has to be located through the section table):
4D, 5A, 90, 00, 03, 00, 00, 00, 04, 00, 00, 00, FF, FF, 00, 00, B8, 00, 00, 00, 00, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, E8, 00, 00, 00, 0E, 1F, BA, 0E, 00, B4, 09, CD, 21, B8, 01, 4C, CD, 21, 54, 68, 69, 73, 20, 70, 72, 6F, 67, 72, 61, 6D, 20, 63, 61, 6E, 6E, 6F, 74, 20, 62, 65, 20, 72, 75, 6E, 20, 69, 6E, 20, 44, 4F, 53, 20, 6D, 6F, 64, 65, 2E, 0D, 0D, 0A, 24, 00, 00, 00, 00, 00, 00, 00...

Entropy:
7.2727 bits per byte (maximum 8.0; a value this high usually means compressed or encrypted content)

Code size (SizeOfCode header field):
32 MB (33,574,912 bytes). This is about 285 times the 117,561-byte file on disk, so the header does not describe the file honestly. Together with the entropy this is the profile of a packed or encrypted sample, and the other static header fields (linker and OS version 4.0, the 2014 timestamp) should not be taken at face value.
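
As an added example (not the scanner's code and not part of the original report), the following Python parses the DOS, COFF, optional and section headers of a PE file with the standard library only and runs the checks the fields above invite: it compares SizeOfCode with the file size, computes the file's entropy, resolves AddressOfEntryPoint through the section table so that the bytes at the entry point are read rather than the MZ header at offset 0, and decodes TimeDateStamp. The image it builds is constructed for the demo, and the names build_sample, header_anomalies, entry_bytes and so on are this example's own; only the SizeOfCode value and the compile timestamp are taken from the report.

```python
"""Added example: sanity-check a PE header against the file on disk.
Parses the headers with struct only and runs the checks a triage analyst
applies to fields like those in the report above."""
import math
import struct
from datetime import datetime, timezone


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte; 8.0 is the maximum (uniform random bytes)."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(data: bytes) -> dict:
    """Extract the header fields the checks need; raises ValueError on non-PE input."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    # Optional header prefix shared by PE32 and PE32+: Magic, MajorLinkerVersion,
    # MinorLinkerVersion, SizeOfCode, SizeOfInitializedData, SizeOfUninitializedData,
    # AddressOfEntryPoint, BaseOfCode
    magic, maj, minr, size_of_code, _, _, entry_rva, _ = struct.unpack_from("<HBBIIIII", data, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    sections = []
    for i in range(nsections):
        # IMAGE_SECTION_HEADER: Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), vaddr, vsize, rawptr, rawsize))
    return {"machine": machine, "pe32plus": magic == 0x20B, "timestamp": timestamp,
            "linker": "%d.%d" % (maj, minr), "size_of_code": size_of_code,
            "entry_rva": entry_rva, "sections": sections, "file_size": len(data),
            "entropy": shannon_entropy(data)}


def rva_to_offset(info: dict, rva: int):
    """Map a virtual address to a file offset via the section table; None if unmapped."""
    for _, vaddr, vsize, rawptr, rawsize in info["sections"]:
        if vaddr <= rva < vaddr + max(vsize, rawsize):
            delta = rva - vaddr
            return rawptr + delta if delta < rawsize else None
    return None


def entry_bytes(data: bytes, info: dict, count: int = 16) -> bytes:
    """The bytes actually at AddressOfEntryPoint (not the MZ stub at offset 0)."""
    off = rva_to_offset(info, info["entry_rva"])
    if off is None:
        raise ValueError("entry point RVA 0x%x lies outside every section" % info["entry_rva"])
    return data[off:off + count]


def timestamp_utc(info: dict) -> str:
    return datetime.fromtimestamp(info["timestamp"], tz=timezone.utc).isoformat()


def header_anomalies(info: dict) -> list:
    """Red flags a triage analyst would raise from the parsed fields alone."""
    flags = []
    if info["size_of_code"] > info["file_size"]:
        flags.append("SizeOfCode exceeds file size: packed or tampered header")
    if info["entropy"] > 7.0:
        flags.append("entropy above 7.0: compressed or encrypted payload likely")
    if rva_to_offset(info, info["entry_rva"]) is None:
        flags.append("entry point outside every section")
    return flags


def build_sample(size_of_code: int, entry_rva: int, payload: bytes) -> bytes:
    """Constructed minimal PE32 image with one section for the demo; NOT tmp8b8e.exe."""
    header_len = 0x40 + 4 + 20 + 224 + 40          # DOS + "PE\0\0" + COFF + optional + 1 section
    dos = bytearray(b"MZ" + b"\0" * 0x3E)
    struct.pack_into("<I", dos, 0x3C, 0x40)         # e_lfanew: PE header follows the DOS header
    ts = 1392458260                                 # 2014-02-15 09:57:40 UTC, the report's compile time
    coff = struct.pack("<HHIIIHH", 0x14C, 1, ts, 0, 0, 224, 0x102)
    opt = struct.pack("<HBBIIIII", 0x10B, 4, 0, size_of_code, 0, 0, entry_rva, 0x1000)
    opt += b"\0" * (224 - len(opt))
    sect = struct.pack("<8sIIIIIIHHI", b".text", len(payload), 0x1000, len(payload),
                       header_len, 0, 0, 0, 0, 0x60000020)
    return bytes(dos) + b"PE\0\0" + coff + opt + sect + payload


if __name__ == "__main__":
    # Uniform payload stands in for a packed section; SizeOfCode copied from the report.
    suspicious = build_sample(33_574_912, 0x1000, bytes(range(256)) * 16)
    info = parse_pe(suspicious)
    print(timestamp_utc(info), "linker", info["linker"], "entry", hex(info["entry_rva"]))
    print("file starts with", suspicious[:2], "entry bytes", entry_bytes(suspicious, info, 4).hex())
    print("anomalies:", header_anomalies(info))
```

Point parse_pe at the bytes of a real file instead of build_sample to run the same checks on a sample; the entry-point anomaly fires whenever AddressOfEntryPoint does not fall inside any section's raw data, which is how the report's 0x5724 would have to be validated before trusting the bytes shown next to it.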

The executing file has been seen to make the following network communications in live environments. Most of the hosts are advertising networks (openx.org, adnexus.net, turn.com, omnitagjs.com), which fits the Kovter click-fraud detection, or shared cloud and CDN infrastructure (amazonaws.com, akamaitechnologies.com, fbcdn.net); those addresses are weak indicators on their own because legitimate software uses them too. The poneytelecom.eu host on port 443 is the connection singled out at the top of this report.

TCP (HTTP):
Connects to ox-173-241-242-143.xv.dc.openx.org  (173.241.242.143:80)

TCP (HTTP SSL):
Connects to a104-95-57-27.deploy.static.akamaitechnologies.com  (104.95.57.27:443)

TCP (HTTP SSL):
Connects to a104-95-52-207.deploy.static.akamaitechnologies.com  (104.95.52.207:443)

TCP (HTTP):
Connects to ip4-104-245-124-147.rdns.netrouting.net  (104.245.124.147:80)

TCP (HTTP):
Connects to ec2-52-7-174-120.compute-1.amazonaws.com  (52.7.174.120:80)

TCP (HTTP):
Connects to ec2-34-192-1-64.compute-1.amazonaws.com  (34.192.1.64:80)

TCP (HTTP SSL):
Connects to ec2-23-21-85-181.compute-1.amazonaws.com  (23.21.85.181:443)

TCP (HTTP):
Connects to e9.8a.adb8.ip4.static.sl-reverse.com  (184.173.138.233:80)

TCP (HTTP):
Connects to root.omnitagjs.com  (5.196.119.250:80)

TCP (HTTP):
Connects to presentation-atl1.turn.com  (50.116.194.21:80)

TCP (HTTP SSL):
Connects to ec2-54-243-109-164.compute-1.amazonaws.com  (54.243.109.164:443)

TCP (HTTP):
Connects to ec2-52-86-56-92.compute-1.amazonaws.com  (52.86.56.92:80)

TCP (HTTP):
Connects to ec2-52-202-9-62.compute-1.amazonaws.com  (52.202.9.62:80)

TCP (HTTP):
Connects to ec2-23-20-199-36.compute-1.amazonaws.com  (23.20.199.36:80)

TCP (HTTP SSL):
Connects to cache.google.com  (66.171.92.108:443)

TCP (HTTP SSL):
Connects to 62-210-250-215.rev.poneytelecom.eu  (62.210.250.215:443)

TCP (HTTP):
Connects to 243.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net  (68.67.180.44:80)

TCP (HTTP SSL):
Connects to 236.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net  (68.67.178.184:443)

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-01-lga3.fbcdn.net  (31.13.71.7:443)
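
As an added example (again not the scanner's tooling), the Python below turns "Connects to host (ip:port)" entries in the format used above into IOCs, marks hosts in shared cloud/CDN pools or advertising networks as weak indicators, and sweeps proxy log lines for destination ip:port matches. The report excerpt is copied from this page (including its empty "TCP (HTTP):" entry, which the parser has to tolerate); the log lines and their format are constructed, and names such as parse_report, sweep and WEAK_SUFFIXES are this example's own.

```python
"""Added example: report 'Connects to' lines -> IOCs -> log sweep."""
import re
from collections import namedtuple

Ioc = namedtuple("Ioc", "proto host ip port weak")

PROTO_RE = re.compile(r"^TCP \((?P<proto>[^)]+)\):$")
CONNECT_RE = re.compile(
    r"^Connects to (?P<host>\S+)\s+\((?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\)$")

# Reverse-DNS suffixes of shared cloud/CDN pools and advertising networks. Benign
# software talks to these too, so a hit there is a weak signal on its own.
WEAK_SUFFIXES = (
    ".compute-1.amazonaws.com", ".deploy.static.akamaitechnologies.com", ".fbcdn.net",
    ".openx.org", ".adnexus.net", ".turn.com", ".omnitagjs.com",
)


def parse_report(text: str) -> list:
    """Pair each 'TCP (...)' header with the 'Connects to' line that follows it.
    A header with no 'Connects to' line yields nothing."""
    iocs, proto = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = PROTO_RE.match(line)
        if m:
            proto = m["proto"]
            continue
        m = CONNECT_RE.match(line)
        if m and proto:
            host = m["host"]
            weak = any(host.endswith(s) for s in WEAK_SUFFIXES)
            iocs.append(Ioc(proto, host, m["ip"], int(m["port"]), weak))
            proto = None
    return iocs


# Constructed log format: "<ISO time> <src ip> -> <dst ip>:<port> <bytes>"
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) -> (?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)")


def sweep(iocs: list, log_lines: list) -> list:
    """Return (source, host, strength) for every log line whose dst ip:port is an IOC."""
    by_dst = {(i.ip, i.port): i for i in iocs}
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ioc = by_dst.get((m["dst"], int(m["port"])))
        if ioc:
            hits.append((m["src"], ioc.host, "weak" if ioc.weak else "strong"))
    return hits


# Excerpt copied from the report above, including its empty "TCP (HTTP):" entry.
REPORT_EXCERPT = """
TCP (HTTP):
Connects to ox-173-241-242-143.xv.dc.openx.org  (173.241.242.143:80)

TCP (HTTP):

TCP (HTTP):
Connects to ec2-52-7-174-120.compute-1.amazonaws.com  (52.7.174.120:80)

TCP (HTTP SSL):
Connects to 62-210-250-215.rev.poneytelecom.eu  (62.210.250.215:443)
"""

# Constructed log lines: a strong hit, two weak hits, a port mismatch, and junk.
SAMPLE_LOG = [
    "2024-11-23T01:40:02Z 10.0.5.17 -> 62.210.250.215:443 5120",
    "2024-11-23T01:40:05Z 10.0.5.17 -> 173.241.242.143:80 812",
    "2024-11-23T01:41:00Z 10.0.9.3 -> 52.7.174.120:80 300",
    "2024-11-23T01:41:30Z 10.0.9.3 -> 62.210.250.215:80 99",
    "garbage line that does not parse",
]


def demo() -> list:
    return sweep(parse_report(REPORT_EXCERPT), SAMPLE_LOG)


if __name__ == "__main__":
    for src, host, strength in demo():
        print(f"{src} -> {host} [{strength}]")
```

Matching on ip:port rather than on the reverse-DNS name is deliberate: the names in the report are PTR records that the sandbox looked up, and the malware never has to resolve them, so proxy logs that only record destination addresses still match. A weak hit should prompt correlation with the strong one (same source host within the same window) rather than an alert by itself.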

Powered by Reason Core Security