topsadon1c.exe

neomedia

The application topsadon1c.exe by neomedia has been detected as a potentially unwanted program by 3 anti-malware scanners. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘topsadonc’. While running, it connects to the Internet address i0-h0-s339.p59-icn.cdngp.net on port 80 using the HTTP protocol.
Publisher:
neomedia  (signed and verified)

MD5:
d497d98c5706f3c4c3b5a14b9da4fdfc

SHA-1:
c5bbecc44f23adb498dbb9d0e89c15daae4b5ded

SHA-256:
f508b07cf047ad9eed6f87355e5a528007e1ef4085752d512d4cae1f9146aa35

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
11/26/2024 6:57:24 PM UTC

Scan engine         Detection                                 Engine version
ESET NOD32          Win32/AdWare.KeywordFind.D application    6.3.12010.0
F-Prot              W32/Themida_Packed                        4.6.5.141
Reason Heuristics   Adware.Neomedia (M)                       16.11.2.23

File size:
901.2 KB (922,856 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\topsadon\topsadon1c.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
1/25/2016 9:00:00 AM

Valid to:
1/25/2017 8:59:59 AM

Subject:
CN=neomedia, OU=IT Team, O=neomedia, L=Gangnam-gu, S=SEOUL, C=KR

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
343766F67EC25EF07DB4A9C47879EAF6

File PE Metadata
Compilation timestamp:
10/7/2016 1:43:34 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:+hDJoiywrCZLX2oy0sMHu/tN0yuJNUhQ40G98c:+ZMX2Qxu/tN0yZ

Entry address:
0x1FC000

Entry point:
83, EC, 04, 50, 53, E8, 01, 00, 00, 00, CC, 58, 8B, D8, 40, 2D, 00, 50, 0A, 00, 2D, 5D, 36, 5F, 00, 05, 52, 36, 5F, 00, 80, 3B, CC, 75, 19, C6, 03, 00, BB, 00, 10, 00, 00, 68, 9A, 43, 93, 67, 68, E0, 9F, D5, 5D, 53, 50, E8, 0A, 00, 00, 00, 83, C0, 00, 89, 44, 24, 08, 5B, 58, C3, 55, 8B, EC, 60, 8B, 75, 08, 8B, 4D, 0C, C1, E9, 02, 8B, 45, 10, 8B, 5D, 14, EB, 08, 31, 06, 01, 1E, 83, C6, 04, 49, 0B, C9, 75, F4, 61, C9, C2, 10, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
7.9150  (probably packed)

Code size:
418.5 KB (428,544 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
topsadonc

Command:
"C:\users\{user}\appdata\roaming\topsadon\topsadon1c.exe"


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to i0-h0-s339.p59-icn.cdngp.net  (14.0.70.98:80)
