xlive.exe

VET FAKTOR LLC

The application xlive.exe by VET FAKTOR has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address m2.elvis.beget.ru on port 80 using the HTTP protocol.
Publisher:
VET FAKTOR LLC  (signed and verified)

MD5:
7cdf36835ad259c029decbf407da4dee

SHA-1:
5a953c4dd477004b8cf2a992ed9b49b900ac7f08

SHA-256:
1841687a92f84ce091b7dd51684db2ee8a0b62147befd7d5b285b215c5a0a2e2

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/15/2024 7:32:51 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Adware.Bundler.VF (M)
17.2.15.15

File size:
1.2 MB (1,221,624 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\xlive.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
1/10/2017 4:00:00 AM

Valid to:
9/21/2017 3:59:59 AM

Subject:
CN="""VET FAKTOR"" LLC", O="""VET FAKTOR"" LLC", STREET=street Promishlennaya 2, L=Moscow, S=Troitsk, PostalCode=142191, C=RU

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
4FA492605B3333D592F967584B126AB8

File PE Metadata
Compilation timestamp:
2/15/2017 4:48:48 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x538D

Entry point:
55, 8B, EC, 6A, FF, 68, F0, 4C, 40, 00, 68, C4, 5E, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, 44, 10, 40, 00, 33, D2, 8A, D4, 89, 15, FC, 2D, 43, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, F8, 2D, 43, 00, C1, E1, 08, 03, CA, 89, 0D, F4, 2D, 43, 00, C1, E8, 10, A3, F0, 2D, 43, 00, 33, F6, 56, E8, A1, 09, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, B0, 00, 00, 00, 59, 89, 75, FC, E8, E1, 07, 00, 00, FF, 15, 40, 10, 40, 00, A3, F8, 32, 43, 00, E8...
 
[+]

Developed / compiled with:
Microsoft Visual C++ v6.0

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to m2.elvis.beget.ru  (5.101.152.120:80)

TCP (HTTP):
Connects to message.katcryo.com  (185.20.186.52:80)

TCP (HTTP):
Connects to ec2-34-251-27-250.eu-west-1.compute.amazonaws.com  (34.251.27.250:80)

TCP (HTTP):
Connects to connections.somalso.com  (185.20.186.92:80)

TCP (HTTP):
Connects to moscow.cdnmail.ru  (217.69.139.110:80)

TCP (HTTP):
Connects to ip-198.12-157-55.ip.secureserver.net  (198.12.157.55:80)

Remove xlive.exe - Powered by Reason Core Security