uiviuuj.exe

The application uiviuuj.exe has been detected as a potentially unwanted program by 6 anti-malware scanners. While running, it connects to the Internet address e2.ycpi.vip.lob.yahoo.com on port 443.
MD5: 3773017a86ae6741b2d281dd088072d6
SHA-1: b674ae61f15d8c6398e52e8a0325b1529725569a
SHA-256: 59d77930f5ade8782657d276b750bad6444282e5c25f999cc4a63e2976d1ed1d
Scanner detections: 6 / 68
Status: Potentially unwanted
Analysis date: 11/16/2024 1:34:17 PM UTC

Scan engine | Detection | Engine version
Emsisoft Anti-Malware | Gen:Variant.Adware.Agent | 8.15.09.16.04
ESET NOD32 | Win32/RiskWare.Komodia.J application | 9.7.0.302.0
F-Secure | Gen:Variant.Adware.Agent | 11.2015-16-09_4
Norman | Gen:Variant.Adware.Agent.7 | 11.20150916
Reason Heuristics | Adware.ShopperZ.Meta (M) | 15.9.10.9
Sophos | PUA 'PennyBee' (of type Adware) | 5.19

File size: 1.9 MB (2,043,720 bytes)
File type: Executable application (Win32 EXE)
Language: English (United States)
Common path: C:\Program Files\shopperz12082015\uiviuuj.exe

File PE Metadata
Compilation timestamp: 8/12/2015 1:45:02 AM
OS version: 5.1
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 12.0
CTPH (ssdeep): 49152:sxmVmTVGxqkK10/XDsLXNNTLQp/tdnuZi:p4TV7aXAXNet
Entry address: 0x14D683


Entropy: 6.6139
Code size: 1.5 MB (1,536,000 bytes)

The executing file has been seen to make the following network communications in live environments.
