britches.exe

Britches

The application britches.exe has been detected as a potentially unwanted program by 2 anti-malware scanners. It persists as a Windows Task Scheduler task named 23289645, with a logon trigger that executes it each time a user logs in.
Publisher:
Britches

Product:
Britches

Version:
9.6.5.79

MD5:
ccccdb8cc822823622b34f6caec3992f

SHA-1:
efc3b1791edf797933c98eeb42144bf71c50eced

SHA-256:
47238a6683a122ada58d519ed04f1ace686943c55f307fe07fa17ffcd88ab17b

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
8/18/2018 11:03:48 AM UTC

Scan engine        | Detection                          | Engine version
ESET NOD32         | MSIL/Adware.Dotdo.AP application   | 6.3.12010.0
Reason Heuristics  | Adware.Dotdo.ET (M)                | 17.2.17.23

File size:
11 KB (11,264 bytes)

Product version:
9.6.5.79

Copyright:
Copyright © Britches 2017

Trademarks:
© 2017 Britches

Original file name:
britches.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\romps\britches.exe

File PE Metadata
Compilation timestamp:
2/15/2017 10:45:02 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

Entry address:
0x3EDE

Entropy:
4.0020

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
8 KB (8,192 bytes)

Scheduled Task
Task name:
23289645

Trigger:
Logon (Runs on logon)

Description:
2328964523289645


The executing file has been seen to make the following network communications in live environments.
