valdes.exe

abc

The application valdes.exe has been detected as a potentially unwanted program by 2 anti-malware scanners. It runs as a scheduled task named 14996830 under the Windows Task Scheduler, triggered to execute each time a user logs in. While running, it connects to the Internet address hosted-by.instantdedicated.com on port 80 using the HTTP protocol.
Product:
abc

Version:
1.0.0.0

MD5:
323ff7ba12f3467208223a4744063991

SHA-1:
5374579500e9a47f4c32ba277df4ef44bc842f7c

SHA-256:
5e7bff9ee5dc217362838620d657ad2aba77ddc59f6182e06c0adda2e8e5323a

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 12:09:47 AM UTC

Scan engine: ESET NOD32
Detection: MSIL/Adware.Dotdo.AP application
Engine version: 6.3.12010.0

Scan engine: Reason Heuristics
Detection: Adware.Dotdo.ET (M)
Engine version: 17.2.1.20

File size:
10.5 KB (10,752 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2016

Original file name:
valdes.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\bitmaps\valdes.exe

File PE Metadata
Compilation timestamp:
1/3/2017 5:18:02 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

Entry address:
0x3F8E

Entry point:

Entropy:
4.2384

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
8 KB (8,192 bytes)

Scheduled Task
Task name:
14996830

Trigger:
Logon (Runs on logon)

Description:
1499683014996830
The executing file has been seen to make the following network communications in live environments.


Remove valdes.exe - Powered by Reason Core Security