home

7eda.tmp.exe

The executable 7eda.tmp.exe has been detected as malware by 1 anti-virus scanner. It runs as a windows Service named “gfghhun”. While running, it connects to the Internet address zeus2.travelsoft.ru on port 80 using the HTTP protocol.
MD5:
6c04c2ea530c1494153d2eff34c0b960

SHA-1:
385f57c2d129601bc302437c8b005258d6da7d11

SHA-256:
d5d00e8186292ea0d7190a755b5b33f73eb13470e9648e32e6138dea728786a1

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
4/25/2024 12:09:36 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Trojan.Delf
16.12.15.6

File size:
409.5 KB (419,328 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\7eda.tmp.exe

File PE Metadata
Compilation timestamp:
2/26/2016 12:52:51 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

Entry address:
0x5A968

Entry point:
55, 8B, EC, B9, 0A, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 53, 56, 57, B8, 00, 65, 45, 00, E8, 10, FE, FA, FF, 33, C0, 55, 68, 2F, AD, 45, 00, 64, FF, 30, 64, 89, 20, 8D, 45, EC, E8, 1A, B5, FF, FF, 8B, 55, EC, B8, 64, 34, 36, 01, E8, F1, C8, FA, FF, E8, F4, 1B, FF, FF, 83, F8, 01, 1B, C0, 40, 84, C0, 0F, 84, 5A, 03, 00, 00, 8D, 55, E4, 33, C0, E8, 40, D0, FB, FF, 8B, 4D, E4, 8D, 45, E8, BA, 4C, AD, 45, 00, E8, 90, CD, FA, FF, 8B, 45, E8, E8, 48, C9, FA, FF, 50, E8, A2, 03, FB, FF, B8, 05, 00, 00, 00, E8...
 
[+]

Entropy:
6.3120

Developed / compiled with:
Microsoft Visual C++

Code size:
356.5 KB (365,056 bytes)

Service
Display name:
gfghhun

Service name:
aaaxkwdftik

Type:
Win32OwnProcess, InteractiveProcess


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to yt95for-storage.uferas.com  (95.211.125.236:80)

TCP (HTTP):
Connects to u17567356.onlinehome-server.com  (74.208.221.229:80)

TCP (HTTP):
Connects to biz.mail.ru  (46.0.202.55:80)

TCP (HTTP):
Connects to zeus2.travelsoft.ru  (217.29.51.172:80)

TCP (HTTP):
Connects to cl3-w.ht-systems.ru  (78.110.50.113:80)

TCP (HTTP):
Connects to apache2-grog.klamathfalls.dreamhost.com  (69.163.164.215:80)

TCP (HTTP):
Connects to 0891165594.static.corbina.ru  (85.21.240.207:80)

TCP (HTTP):
Connects to h2.ihc.ru  (91.218.229.13:80)

TCP:
Connects to vcs-s-myc.mail.vip.sg3.yahoo.com  (106.10.150.171:465)

TCP:
Connects to mtaout-a-atc-b.mx.aol.com  (152.163.0.101:465)

TCP:
Connects to mtaout-a-atc-a.mx.aol.com  (152.163.0.69:465)

TCP:
Connects to mr14147.mail.163.com  (220.181.14.147:465)

TCP (HTTP):
Connects to srv122-h-st.jino.ru  (81.177.141.153:80)

TCP:
Connects to smtp.tiscali.it  (213.205.33.13:465)

TCP (HTTP):
Connects to ip-176-192-77-170.bb.netbynet.ru  (176.192.77.170:80)

TCP (HTTP):
Connects to vps-1033709-9570.host4g.ru  (89.253.223.149:80)

TCP:
Connects to smtpauth.wanadoo.fr  (193.252.22.86:465)

TCP (HTTP):
Connects to mrrr-lev.fvds.ru  (82.146.40.55:80)

TCP:
Connects to mail.gmx.net  (212.227.17.190:465)

TCP:
Connects to m213-177.yeah.net  (123.58.177.213:465)

Remove 7eda.tmp.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.