bbqleadsapplication.exe

NpApplication

The application bbqleadsapplication.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This executable runs as a local area network (LAN) Internet proxy server listening on port 8800 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host.
Publisher:
Microsoft*  (Invalid match)

Product:
NpApplication

Version:
2.1.0.0

MD5:
00125b40b03eda529ea89fca79b3990e

SHA-1:
62760f9fc949fe04d3512beac50e94ac33373200

SHA-256:
edd9a1fc5b5207cf1cbd975af7802cc4c060567f3097bd23bd21211b30b16aef

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2017 2:42:13 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Sendori.PastLeads (M)

Engine version:
16.3.23.21

File size:
370 KB (378,880 bytes)

Product version:
2.1.0.0

Copyright:
Copyright © Microsoft 2014

Original file name:
NpApplication.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\bbqleads\bbqleadsapplication.exe

File PE Metadata
Compilation timestamp:
11/27/2014 2:38:57 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:sJfb8BBf3/R7O3TmYGIMKRNAXgl39FAvTVnKPoOXEv:sfb8BBf3/R7O3qDIMKRh3TOKQh

Entry address:
0x5DC3E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
5.7264

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
367.5 KB (376,320 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:8800/

Local host port:
8800

Default credentials:
No

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-52-72-161-252.compute-1.amazonaws.com  (52.72.161.252:80)

TCP (HTTP):
Connects to ec2-54-210-130-35.compute-1.amazonaws.com  (54.210.130.35:80)

TCP (HTTP):
Connects to server-54-230-37-104.jfk1.r.cloudfront.net  (54.230.37.104:80)

TCP (HTTP):
Connects to server-54-230-37-54.jfk1.r.cloudfront.net  (54.230.37.54:80)

TCP (HTTP):
Connects to server-54-230-37-231.jfk1.r.cloudfront.net  (54.230.37.231:80)

TCP (HTTP):
Connects to server-54-230-37-181.jfk1.r.cloudfront.net  (54.230.37.181:80)

TCP (HTTP):
Connects to server-52-84-125-100.iad16.r.cloudfront.net  (52.84.125.100:80)

TCP (HTTP):
Connects to server-54-230-37-62.jfk1.r.cloudfront.net  (54.230.37.62:80)

TCP (HTTP):
Connects to server-54-230-37-40.jfk1.r.cloudfront.net  (54.230.37.40:80)

TCP (HTTP):
Connects to server-54-230-37-67.jfk1.r.cloudfront.net  (54.230.37.67:80)

TCP (HTTP):
Connects to server-54-230-37-6.jfk1.r.cloudfront.net  (54.230.37.6:80)

Remove bbqleadsapplication.exe - Powered by Reason Core Security