» zevboutdm.exe
Overview
Analysis
File Details
Network (13)

zevboutdm.exe

Tianjing Cheng

The executable zevboutdm.exe has been detected as malware by 1 anti-virus scanner. While running, it connects to the Internet address server-54-192-129-130.ams50.r.cloudfront.net on port 80 using the HTTP protocol.

File name:

zevboutdm.exe

Publisher:

Tianjing Cheng (signed and verified)

MD5:

aeeceb3b380093b76fe5cb32efb55cf7

SHA-1:

76b46948e68d69132b538f896f681e8e1f45574c

SHA-256:

44512d4295f59be1355c5e531efcd07420a038dd41afb56c29d447d0878bbedd

Scanner detections:

1 / 68

Status:

Malware

Analysis date:

11/15/2024 7:32:05 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

Threat.Win.Reputation (M)

17.1.27.7

File size:

414.4 KB (424,368 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\zevboutdm.exe

Digital Signature

Signed by:

Tianjing Cheng

Authority:

thawte, Inc.

Valid from:

1/18/2017 7:00:00 AM

Valid to:

7/13/2017 6:59:59 AM

Subject:

CN=Tianjing Cheng, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:

CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:

616D02305A2AB5D5F4E142DAF5EB5D79

File PE Metadata

Compilation timestamp:

1/18/2017 3:51:12 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

Entry address:

0x8918

Entry point:

E8, D9, CA, FF, FF, E9, 51, 3C, 00, 00, 6A, 08, 68, D8, 39, 46, 00, E8, 72, 41, 00, 00, BE, 10, 58, 46, 00, 39, 35, 0C, 58, 46, 00, 74, 2A, 6A, 0C, E8, 80, AE, FF, FF, 59, 83, 65, FC, 00, 56, 68, 0C, 58, 46, 00, E8, 37, EF, FF, FF, 59, 59, A3, 0C, 58, 46, 00, C7, 45, FC, FE, FF, FF, FF, E8, 06, 00, 00, 00, E8, 7B, 41, 00, 00, C3, 6A, 0C, E8, CB, CF, FF, FF, 59, C3, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 55, 8B, EC, 83, EC, 18, 53, 8B, 5D, 0C, 56, 57, C6, 45, FF, 00, 8B, 7B, 08, 8D, 73, 10, 33, 3D... 
[+]

Entropy:

7.7834 (probably packed)

Code size:

365 KB (373,760 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to server-54-230-187-122.cdg51.r.cloudfront.net (54.230.187.122:80)

TCP (HTTP):

Connects to server-54-192-203-227.fra50.r.cloudfront.net (54.192.203.227:80)

TCP (HTTP):

Connects to server-54-192-129-95.ams50.r.cloudfront.net (54.192.129.95:80)

TCP (HTTP):

Connects to server-54-192-129-41.ams50.r.cloudfront.net (54.192.129.41:80)

TCP (HTTP):

Connects to server-54-192-129-130.ams50.r.cloudfront.net (54.192.129.130:80)

TCP (HTTP):

Connects to server-52-85-83-4.lax1.r.cloudfront.net (52.85.83.4:80)

TCP (HTTP):

Connects to server-52-85-83-254.lax1.r.cloudfront.net (52.85.83.254:80)

TCP (HTTP):

Connects to server-52-85-83-207.lax1.r.cloudfront.net (52.85.83.207:80)

TCP (HTTP):

Connects to server-52-85-83-200.lax1.r.cloudfront.net (52.85.83.200:80)

TCP (HTTP):

Connects to server-52-85-83-17.lax1.r.cloudfront.net (52.85.83.17:80)

TCP (HTTP):

Connects to server-52-85-83-159.lax1.r.cloudfront.net (52.85.83.159:80)

TCP (HTTP):

Connects to server-52-85-173-32.fra6.r.cloudfront.net (52.85.173.32:80)

TCP (HTTP):

Connects to server-52-85-173-206.fra6.r.cloudfront.net (52.85.173.206:80)

Remove zevboutdm.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.