» {blocked}.exe
Overview
Analysis
File Details
Network (3)

{blocked}.exe

RTK-TERMINAL, LLC

The application {blocked}.exe by RTK-TERMINAL has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address 67.215.238.66.static.quadranet.com on port 80 using the HTTP protocol.

File name:

{blocked}.exe

Publisher:

RTK-TERMINAL, LLC (signed and verified)

MD5:

91b64de77842c023d8ca64b6a7fbd87d

SHA-1:

1c7b472064eacab09863b6cdb05acbe3e0faaa57

SHA-256:

cbd29e722972dfe9e18eba7a0818b1ce22e5bb79ae44fa9c48d9a914270603e5

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

4/24/2024 8:09:33 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

Adware.Dropper.OO (M)

17.3.14.22

File size:

1.3 MB (1,319,952 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\canal_canalsat_beinsport.exe

Digital Signature

Signed by:

RTK-TERMINAL, LLC

Authority:

COMODO CA Limited

Valid from:

2/14/2017 1:00:00 AM

Valid to:

7/22/2017 1:59:59 AM

Subject:

CN="RTK-TERMINAL, LLC", O="RTK-TERMINAL, LLC", STREET="Rabochaja, 8", L=Belgorod, S=RU, PostalCode=308017, C=RU

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

59BCFA5B8FBB32BE06B1AC01AF5B4265

File PE Metadata

Compilation timestamp:

3/14/2017 11:08:10 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

7.10

Entry address:

0x1242E0

Entry point:

55, 8B, EC, 6A, FF, 68, 28, 81, 52, 00, 68, AC, 4F, 52, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, B0, 80, 52, 00, 33, D2, 8A, D4, 89, 15, 34, C1, 52, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, 30, C1, 52, 00, C1, E1, 08, 03, CA, 89, 0D, 2C, C1, 52, 00, C1, E8, 10, A3, 28, C1, 52, 00, 33, F6, 56, E8, 16, 0B, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, B0, 00, 00, 00, 59, 89, 75, FC, E8, E1, 07, 00, 00, FF, 15, AC, 80, 52, 00, A3, 38, C6, 52, 00, E8... 
[+]

Developed / compiled with:

Microsoft Visual C++ v6.0

Code size:

1.2 MB (1,208,320 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to server-54-240-186-6.mad50.r.cloudfront.net (54.240.186.6:80)

TCP (HTTP):

Connects to ec2-54-154-230-42.eu-west-1.compute.amazonaws.com (54.154.230.42:80)

TCP (HTTP):

Connects to 67.215.238.66.static.quadranet.com (67.215.238.66:80)

Remove {blocked}.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.