» 3cdaemon.exe
Overview
Analysis
File Details
Downloads (13)

3cdaemon.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from www.toursguardmeta.com and multiple other hosts.

File name:

3cdaemon.exe

MD5:

d74b4f638ba27de1b3085e558511a0fb

SHA-1:

8a6af5473c001ebfd741668cc5399f87c4df12ea

SHA-256:

ddff9002abdeef5598287dadabeba4c934567e23e596d1a9f7d9c85d47dc5adc

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/25/2024 9:41:20 PM UTC (today)

File size:

966.8 KB (989,955 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\downloads\3cdaemon.exe

File PE Metadata

Compilation timestamp:

6/20/1992 12:22:17 AM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

24576:RqyIcn3vZpwXcG9+Zk/tQhbtA99JLclvW4BV7wwN:xn/vwXVQ24RA9f4v/BV7wwN

Entry address:

0x82D4

Entry point:

55, 8B, EC, 83, C4, F0, 33, C0, 89, 45, F0, B8, 74, 82, 40, 00, E8, 7B, BA, FF, FF, 33, C0, 55, 68, 8E, 83, 40, 00, 64, FF, 30, 64, 89, 20, 6A, 00, 68, 80, 00, 00, 00, 6A, 03, 6A, 00, 6A, 01, 68, 00, 00, 00, 80, 8D, 55, F0, 33, C0, E8, 11, A3, FF, FF, 8B, 45, F0, E8, 65, AE, FF, FF, 50, E8, CF, BA, FF, FF, 8B, 15, 34, 92, 40, 00, 89, 02, A1, 34, 92, 40, 00, 83, 38, FF, 75, 23, 6A, 10, 68, 9C, 83, 40, 00, 8D, 55, F0, 33, C0, E8, E0, A2, FF, FF, 8B, 45, F0, E8, 34, AE, FF, FF, 50, 6A, 00, E8, A4, BB, FF, FF... 
[+]

Developed / compiled with:

Microsoft Visual C++

Code size:

29 KB (29,696 bytes)

The file 3cdaemon.exe has been seen being distributed by the following 13 URLs.

http://www.toursguardmeta.com/Zz2MO y_8fUwnEBqv mkfqZSAFvAUB0UXkpY6x_MQ09YGK5gV4R62cH8GfTx5i0z_GqfDwJ0jy9TA11FdXHkxVf7NJ2c_m6EqJeJGM1vUNoVYYywV2_ngQYhD8K2dAYZIBiV8HkxCWsEtZuycX7yFrXlk6Ezsfswq6yijkNUFMYh2IWjXyk7wBRH3xAejM1EcXV5v9eyes2Y0wXbQHKQC6yUGXkMAg==-GzcAAERPFtsFMZm_QVDABhw41LbpIDI4Dp9rTERfWWMjFJTPAPUNy7YoPGeeDPUO9AI=

http://www.toursguardmeta.com/DAJVxDw2Q_Z2ETdQJSRnnUOprO 6tTAQXSXmD9dQd0P_7pgI7c0sTDHWQM0OpFpl72cTn_MPX1VPtWYNhFw_Rqt4pDkeITZd5vcVfSL58Jobx9r053MplCgeKSz2JTCQnVwZ6TlS8snuS_zGB2 GZvEF60W5H c3xNerrYIFOVxXY5x8Y6ngD5rrmEKnbMK p3lNT6Bj-GzcAAERPFtsFMZm_QVDABhw41LbpIDI4Dp9rTERfWWMjFJTPAPUNy7YoPGeeDPUO9AI=

http://www.farmupdatebits.com/qf 7yLJJUBq8i5O7yVQa3kOXm_vMfBYpQ6HDWx9VHIQyyV9iRG Y_FYfL_16WQfqAMdP6eydozKYoXEzbqdl4yGCzjIlnpPn1gOfUJgJxx52u5IwNRGfLLExn1HqAACso6m6IrmMX4ad4L5VWIvp00ZvSrt2je GryhJQL_XHvusx6hZ4A4uqTFmrw0yxKy4miNCUtQ-GzcAAERPFtsFMZm_QVDABhw41LbpIDI4Dp9rTERfWWMjFJTPAPUNy7YoPGeeDPUO9AI=

http://www.farmupdatebits.com/R9l4CHEAe77XEvn835T3p3_TUaEdDZO_o zDgcJHkDSTsINGrMdNCQowwLPS0NARJkyPkeia0DkijExASQXk_twoVIWIqXft_A5vTlAbbcYuFDMb5JPwtvvqTEFoseqhxNT42PkepxoVJ2qTbbLMi 3RyYEI5o9jwfUcJEHIoX8KxBQGjO Fo2yCpQcSx9UAPpBMr3XG-GzcAAERPFtsFMZm_QVDABhw41LbpIDI4Dp9rTERfWWMjFJTPAPUNy7YoPGeeDPUO9AI=

http://www.toursguardmeta.com/kEzcw8rAH1FLfzETZcnWGHz9Bo1axwXUXfL0OplSVxc4PlmJT9ulAF_7vJNK zdju6Kf9wmlfxMKtI9IDdK0qBxfrKpcpZRuCXOemsfAm0MZlGcMo3FTeAte7Vjr3ba4tdFODWr1R0_ZeAvsLYDOqe NFRkuBdYsfWVj0q4xi4__6K wm2LCPDzryr0fAET7h8moyLAB-GzcAAERPFtsFMZm_QVDABhw41LbpIDI4Dp9rTERfWWMjFJTPAPUNy7YoPGeeDPUO9AI=

http://www.toursguardmeta.com/ qgKRAAoVD99odX5EaQ9AItiRGx9wOWQjYnx5wUQx3fHDi 4LVzu0ip0vjNP0pvnwTsZ69Y2BsNYYuATg6gRX8bdUVLGyBqnTuxKkJF_JftcquuLTrDSdfkOb8X9jcAfsIhySMtXSSOb4hOu lgoHPc8PzdN5f1DbKN1ZdsJY6Q9S8CteHqusaSmAfOS1KS3c_88N0FUPkdUSvx9OFn_gyZbjlkyQb5bBPP7GW2zY3d0QBer_Tng3RHAEAE82gclSycKNOSQyNiZwFvDdj6G2M2lk7PTHfByQu56BJzHAZE527xPXqdW05zFR4LdM1ivT42B4BsY_q5A gfkFYmMYPWHpNxGwWs6YyhwG88lLgC6vPiJBncPnb0tnRxxFw4WbTY_0lM83WzIIk5eviKEcJMUsFKfzMAktWe4n_gy2LVySVsCKTY3074ckgrCMCISBnYlrFzgCApKpSFTYkwSC2hY47ArCVqzROlvyfJrvUX45Ol9lWQ=-GzcAAERPFtsFMZm_QVDABhw41LbpIDI4Dp9rTERfWWMjFJTPAPUNy7YoPGeeDPUO9AI=

http://www.toursguardmeta.com/5a8SDdfc0KA1G33l9jcouGkpvVt9zsfGscODBqfFN4a11oEGbgGz4oOwAgjvZK0IgikfhPL_wYG1T8RtDbCUXYIHx0HXk AMVWAK5RRxm_e4qs KTjC2dixKVnOIrspUZS12RjCqXHp Sa3J7Sr3gonynVwA1PuFl95rwdqV21bB6LsNwZayIFP74V WmrfpckQwraYCqE6BwA3SMZAPz_VObVnXRuGXqt8iCApAgH6sHU_1b Q_p 432BdqI rBHXLiMrXG4vXmzA7Xlko6IGKjqAtL_GgFDWr6MKwbS5E_c2_Pe3RZso7MOM9vZR3HkE3fV2R5MHO5PhCC1EckgGxxcwL25 yEG8N5sVabXbIKnePMWLWPse00z4fpMQpWsxYP15U6NNxEz5kNsaxwjkd8kIYiZ1HQ2pwVqugKoYpYHzP3TDf09D94o2llUDbxeSBCHUbkyfdtIrXzDVIjL5Gd4JoskbsAjuhppHDQmkSF8oSCisU=-GzcAAERPFtsFMZm_QVDABhw41LbpIDI4Dp9rTERfWWMjFJTPAPUNy7YoPGeeDPUO9AI=

http://www.toursguardmeta.com/2i3va4HRftJrh5SNpUC invVSuGpD2WFehSlucqu_N81jxO9KgSZRX30s3UjQZzm9xMkmcvAR f0Uubp4DJJFNqUOY_AXkA3h62xus6O8xBgCH J0UlJg3ctTJnQVJld9a5fEnjD3JYM59ss6rri5QhJbBjY8dxAkc84_PiaXv_UZdGzVoWE9qPjz 0Vdgw_JDhnyAhN-GzcAAERPFtsFMZm_QVDABhw41LbpIDI4Dp9rTERfWWMjFJTPAPUNy7YoPGeeDPUO9AI=

http://www.presentbitsshare.com/c?x=lYiN3 fiH/CuITON1ELZBCRZOB4NVX138R60rDWbidw=&c=Rq3GyVIYS8PTLmNwaduvfZTSzdxijYPyVGcfIOiTzz2r8jEQ7XDci6XcQDOPI9Ozk3ESN0zi6uWFgvY3Z SLEAhgryBB QkPTbl19gEjsk7cqU8zrn8/ZcDnc4XZRw4MrTay3UhVI83tzYdBaR4PzkBm8jXiPzisQxCZKgGIS0USlfRpWlz jxgS GXPTMF8&downloadAs=3cdaemon.exe&fallback_url=http://static.updatestar.net/dl/.../3cdaemon.exe

http://www.presentbitsshare.com/c?x=lEKow3BKdZ kVh2/0mjnV65xBOonIJvXRWV1OV2VR/s=&c=IfN6LR6uzlp/zh6jzBGeGV4pualO NZ CmKnGaozDYoiFrw1hg 54vanC19rWLNVd1G7oM D3czrAyUh6LYZ 0V0UfkO9kyyIRFEmC9F/RAEejG/3QW0u3IpUq1aYlC7AQITx0M0 b11ku9/SwlPVid6 BVlnt3jrIHpR9OnnldMGkO2KLi9MH 7p90jKii8&downloadAs=3cdaemon.exe&fallback_url=http://static.updatestar.net/dl/.../3cdaemon.exe

http://www.presentbitsshare.com/c?x=kD/E3GCeQbkouI2qLm/6m gaWp0N01Hac1ne5kXv6PM=&c=Afhrel4mS2t1FRhbyuJoUeoJ WvQbTTsx6 l62/xYoKd k50EZ2WdHhSke2HRI8bGXgtnGYpUkgun7TnCuRSlqkK9HJpsmHFPdbfCEUWaYQAVOxa 6Tfywt OXjpGH7t9GsUN2LWLJLS9YaDUm7TEzG4MvJWlhJIU9X26yhd6PmhcWCMcBOpJwX/iH PHdu8&downloadAs=3cdaemon.exe&fallback_url=http://static.updatestar.net/dl/.../3cdaemon.exe

http://www.bestcleanshare.com/c?x=slaJe7fd6QTbg4HgEpHdzzPNFuEKe0FkvbRwvD59wPU=&c=MFtnLJXudrHucaNNvXrYGbkYe4qNzfHaHCLXV4AjJKultV2L50v0bERcmT69UflGQ5mwSsb2KMewqkl depAy9ARslkDsfjehfi/uKFbBh8b8CAdkZSfPYavtAU0KyHomrnRhI2nas1tQarSTPUYudO7LenX9wxA2526u4VIguc=&downloadAs=3cdaemon.exe&fallback_url=http://static.updatestar.net/dl/.../3cdaemon.exe

http://static.updatestar.net/dl/.../3cdaemon.exe

Scan 3cdaemon.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.