02bb21fadad72358d9d032e686dd4820.exe

The application 02bb21fadad72358d9d032e686dd4820.exe has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It runs as a Windows service named “5c4c9892dd626013fdafdbc2d0cd2972” in the context of its own process. The file is typically installed with the program Social2Search, which is a potentially unwanted software program. While running, it connects to the Internet address ch4plpkivs-v03.any.prod.ord1.secureserver.net on port 80 using the HTTP protocol.

Version:
11.12.1.297

MD5:
374d1af39bc27d013babcf1b4c34a382

SHA-1:
4033de2e04f02e38b996340e97883a31ab689c40

SHA-256:
4ca99ad5293b89947dcfbc2cb3708e11927841bd9d249502ea4a81793440b402

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/25/2024 6:31:29 PM UTC

Scan engine:
Reason Heuristics

Detection:
RiskWare.NetFilter

Engine version:
17.1.31.8

File size:
20.4 MB (21,400,576 bytes)

Product version:
11.12.1.297

Copyright:
Copyright (C) 2014

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\5c4c9892dd626013fdafdbc2d0cd2972\02bb21fadad72358d9d032e686dd4820.exe

File PE Metadata
Compilation timestamp:
1/27/2017 1:53:01 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x147D5C4

Entry point:
E9, DF, 00, 00, 00, 6E, F0, 00, EE, 67, 37, C0, FD, 24, 1A, 34, 90, EA, 7F, 48, B3, 4A, 44, 05, 48, 7D, EF, 6E, 28, FC, C6, E3, 60, 5F, FC, 28, 64, 5D, 79, 8E, 52, 87, 89, 81, 3D, FE, 75, CA, 90, D6, C4, E5, 7F, DB, 29, B5, 98, 5E, E8, F1, EB, 62, 36, 1F, 59, 2B, C3, 5E, 82, 12, 1F, 7C, 65, AC, 89, F5, 22, 20, D0, E6, 79, 28, 04, 19, F1, B8, 68, A4, 4D, B8, 08, 56, 9E, 43, 5A, CD, BD, E3, BD, 11, E7, C1, 60, F7, BE, B7, B9, B8, FD, B8, 3C, 75, 9B, 06, 65, 8E, A8, 29, C5, A1, 15, 1E, 37, F7, 4B, 9F, CC, C2...

Packer / compiler:
Xtreme-Protector v1.05

Code size:
19 MB (19,927,040 bytes)

Service
Display name:
5c4c9892dd626013fdafdbc2d0cd2972

Type:
Win32OwnProcess

Depends on:
RPCSS


The file 02bb21fadad72358d9d032e686dd4820.exe has been discovered within the following program.

Social2Search  by Social2Search
www.technologietrudeau.com
About 61% of users remove it

The executing file has been seen to make the following network communications in live environments.
