85cb508a88f5ffd95d802ea3965d87df.exe

The application 85cb508a88f5ffd95d802ea3965d87df.exe has been detected as a potentially unwanted program by 15 anti-malware scanners. While running, it connects to the Internet address ptr.vng.vn on port 80 using the HTTP protocol.
Version:
2.38.2.13

MD5:
fa3871e85b96a016f40331d0ccd1a3db

SHA-1:
52d42ba884a813e192595becf0d79568bb981d15

SHA-256:
4a470277e1715959fab371c631a3863e04cdcc5f7a75b5b6bcd3de8716129fdf

Scanner detections:
15 / 68

Status:
Potentially unwanted

Analysis date:
5/2/2024 12:59:57 PM UTC

Scan engine            | Detection                          | Engine version
-----------------------|------------------------------------|----------------
Lavasoft Ad-Aware      | Trojan.GenericKD.2853247           | 427
Arcabit                | Trojan.Generic.D2B897F             | 1.0.0.628
Baidu Antivirus        | Adware.Win32.Wajam                 | 4.0.3.15125
Bitdefender            | Trojan.GenericKD.2853247           | 1.0.20.1695
Emsisoft Anti-Malware  | Trojan.GenericKD.2853247           | 8.15.12.05.11
Fortinet FortiGate     | PossibleThreat                     | 12/5/2015
F-Secure               | Trojan.GenericKD.2853247           | 11.2015-05-12_7
G Data                 | Trojan.GenericKD.2853247           | 15.12.25
Kaspersky              | UDS:DangerousObject.Multi.Generic  | 14.0.0.1018
McAfee                 | RDN/Generic.dx                     | 5600.6561
MicroWorld eScan       | Trojan.GenericKD.2853247           | 16.0.0.1017
nProtect               | Trojan.GenericKD.2853247           | 15.12.02.01
Rising Antivirus       | PE:Trojan.FakeIcon!1.64A5 [F]      | 23.00.65.151027
Trend Micro            | TROJ_GEN.R00UC0OKQ15               | 10.465.05
VIPRE Antivirus        | Win32.Malware!Drop                 | 45582

File size:
562.5 KB (576,000 bytes)

Product version:
2.38.2.13

Original file name:
DNJ2C9.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\wnetenhancer\wnetenhancer internet enhancer\85cb508a88f5ffd95d802ea3965d87df.exe

File PE Metadata
Compilation timestamp:
10/28/2015 5:06:58 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
12288:u/Vs1ni2dRiV9CltoA15DHN9uDFEM1eRM5359+Db8/8+F2QybRs:u/Vs1i2dRF1HzoB56+F22

Entry address:
0x8DE5E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
4.8356

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
560 KB (573,440 bytes)

The executing file has been seen to make the following network communications in live environments.

Protocol        | Host                                              | Address
----------------|---------------------------------------------------|----------------------
TCP (HTTP SSL)  | static.vnpt.vn                                    | 113.171.241.29:443
TCP (HTTP)      | 74.113.233.180.df.iaccap.com                      | 74.113.233.180:80
TCP (HTTP)      | ec2-54-221-252-20.compute-1.amazonaws.com         | 54.221.252.20:80
TCP (HTTP SSL)  | coccoc.com                                        | 123.30.175.11:443
TCP (HTTP)      | server-52-85-83-97.lax1.r.cloudfront.net          | 52.85.83.97:80
TCP (HTTP)      | server-52-85-83-213.lax1.r.cloudfront.net         | 52.85.83.213:80
TCP (HTTP)      | ptr.vng.vn                                        | 49.213.67.10:80
TCP (HTTP SSL)  | edge-star-shv-01-hkg3.facebook.com                | 31.13.95.8:443
TCP (HTTP)      | ec2-34-194-161-122.compute-1.amazonaws.com        | 34.194.161.122:80
TCP (HTTP)      | 80.211.186.35.bc.googleusercontent.com            | 35.186.211.80:80
TCP (HTTP SSL)  | sin11s03-in-f42.1e100.net                         | 172.217.27.42:443
TCP (HTTP SSL)  | sin10s01-in-f14.1e100.net                         | 216.58.221.78:443
TCP             | sc-in-f188.1e100.net                              | 74.125.68.188:5228
TCP (HTTP SSL)  | sc-in-f156.1e100.net                              | 74.125.68.156:443
TCP (HTTP SSL)  | sc-in-f149.1e100.net                              | 74.125.68.149:443
TCP             | sb-in-f188.1e100.net                              | 74.125.130.188:5228
TCP (HTTP SSL)  | sa-in-f94.1e100.net                               | 74.125.200.94:443
TCP (HTTP SSL)  | sa-in-f132.1e100.net                              | 74.125.200.132:443
TCP (HTTP)      | rtr3.l7.search.vip.tw1.yahoo.com                  | 27.123.200.67:80

Remove 85cb508a88f5ffd95d802ea3965d87df.exe - Powered by Reason Core Security