home

5810.exe

HQ Video Pro 3.1cV18.09

Digit Network (Extreme White Limited)

The application 5810.exe, “HQ Video Pro 3.1cV18.09 exe” by Digit Network (Extreme White Limited) has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is also typically executed from the user's temporary directory. While running, it connects to the Internet address tlb.hwcdn.net on port 80 using the HTTP protocol.
Publisher:
HQ VideoV18.09  (signed by Digit Network (Extreme White Limited))

Product:
HQ Video Pro 3.1cV18.09

Description:
HQ Video Pro 3.1cV18.09 exe

Version:
1000.1000.1000.1000

MD5:
d48d649739608b4a266c8e8234b1e286

SHA-1:
7b429ee6091fb31f6d0b034a81e0bab3cdc2b34f

SHA-256:
ee8e90a8c0c87b749ac176a30c8c4416791a616d62eb154e15d72be0f2faddc8

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
4/27/2024 12:33:04 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.ExtremeWhite.DigitNetworkExtremeWhiteLimited (M)
16.1.23.23

File size:
1.4 MB (1,517,648 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
HQ Video Pro 3.1cV18.09.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\5810.exe

Digital Signature
Signed by:
Digit Network (Extreme White Limited)

Authority:
COMODO CA Limited

Valid from:
4/15/2015 5:30:00 AM

Valid to:
4/15/2016 5:29:59 AM

Subject:
CN=Digit Network (Extreme White Limited), O=Digit Network (Extreme White Limited), STREET=Tassou Papadopulu 6 (flat/office 22), L=Nicosia, S=Agios Dometios, PostalCode=2373, C=CY

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00F39F5E5096779B72822CF8381166A432

File PE Metadata
Compilation timestamp:
9/18/2015 9:35:51 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:2XVBevEnz7kCRw/hP1mBP4x0q5YxCwHF5SxAbYSu2FKTtpSHeK2zjv4LcCK7sLqR:2IiG/hP1mIinF2A6TtpSHbCmcCK7sLbo

Entry address:
0xCD5DD

Entry point:
E8, 4B, 06, 01, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, B8, E9, 54, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 58, B1, 54, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, B8, E9, 54, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8...
 
[+]

Entropy:
6.4920

Code size:
1011.5 KB (1,035,776 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to tlb.hwcdn.net  (69.16.175.10:80)

TCP (HTTP):
Connects to s3-website-us-east-1.amazonaws.com  (54.231.81.217:80)

TCP (HTTP):
Connects to ec2-54-243-209-176.compute-1.amazonaws.com  (54.243.209.176:80)

TCP (HTTP):
Connects to ec2-50-19-95-16.compute-1.amazonaws.com  (50.19.95.16:80)

TCP (HTTP):
Connects to ec2-50-16-231-217.compute-1.amazonaws.com  (50.16.231.217:80)

Remove 5810.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.