AppVerifierapc.exe

AppApcVerifier

The application AppVerifierapc.exe has been detected as a potentially unwanted program by 3 anti-malware scanners. It runs as a separate Windows service (within the context of its own process) named “AppVerifier APC”. While running, it connects to the Internet address cdn-68-142-101-7.mia1.llnw.net on port 80 using the HTTP protocol.
Publisher:
AppApcVerifier

Product:
AppApcVerifier

Version:
1.0.0.0

MD5:
76450e4f3213e7e93138878bd20a2e1a

SHA-1:
9d304c51341ed41fe2910590d474d8ec669605a1

SHA-256:
76c466a2d13c2e60f091c1aad98ed1527263de9779a8fc10f7d670e1af31a4b5

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
6/19/2018 6:03:33 AM UTC

Scan engine | Detection | Engine version
Clam AntiVirus | Win.Adware.Eorezo-568 | 0.98/22748
Kaspersky | not-a-virus:AdWare.MSIL.Eorezo | 15.0.2.529
Reason Heuristics | Adware.Apc.ER (M) | 16.12.21.10

File size:
46 KB (47,104 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2016

Original file name:
AppVerifierapc.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\ProgramData\appapcverifier\appverifierapc.exe

File PE Metadata
Compilation timestamp:
6/30/2016 2:17:15 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:Nyb6r0Hb8D+O1beJWqE5N+ap+4UNoK8CT9ZleVwdHzYcHeUZ:EK0lOh7hNURDTJpmU

Entry address:
0xC2B2

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
41 KB (41,984 bytes)

Service
Display name:
AppVerifier APC

Service name:
AppApcVerifier

Description:
App Apc verifier

Type:
Win32OwnProcess


The executing file has been seen to make the following network communications in live environments.

