bess.exe

Bess

The application bess.exe has been detected as a potentially unwanted program by 2 anti-malware scanners. It runs as a Windows Task Scheduler task named 17821493, triggered to execute each time a user logs in. While running, it connects to the Internet address cdce.acs006.internap.com on port 80 using the HTTP protocol.
Publisher:
Bess

Product:
Bess

Version:
8.4.9.179

MD5:
e0484d570c60e31fc591a3a3ad82cab5

SHA-1:
196ab0babd0de8f49564b6026297c1243e6a9409

SHA-256:
8eecb64a68f00f0eb768ed6d3192535f2bcf2cf0c6ee43874b9591983450d0d7

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
4/25/2024 1:35:51 PM UTC

Scan engine | Detection | Engine version
ESET NOD32 | MSIL/Adware.Dotdo.AP application | 6.3.12010.0
Reason Heuristics | Adware.Dotdo.ET (M) | 17.2.6.13

File size:
8.5 KB (8,704 bytes)

Product version:
8.4.9.179

Copyright:
Copyright © Bess 2017

Trademarks:
© 2017 Bess

Original file name:
bess.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\matua\bess.exe

File PE Metadata
Compilation timestamp:
1/22/2017 1:06:48 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

Entry address:
0x369E

Entropy:
4.2960

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
6 KB (6,144 bytes)

Scheduled Task
Task name:
17821493

Trigger:
Logon (Runs on logon)

Description:
1782149317821493


The executing file has been seen to make the following network communications in live environments.
