bthudtask.exe

The executable bthudtask.exe has been detected as malware by 26 anti-virus scanners.

MD5:
08c161b2db5b459fc41e04e97c225a56

SHA-1:
f1c1fb1ff5f2aaba4143f63a6e49c5e15bd9ca1b

SHA-256:
4d769b22247aa5ad4dcf8be4891af1b8bc70e282f6494d66efc082a516fdbe75

Scanner detections:
26 / 68

Status:
Malware

Analysis date:
4/29/2024 8:17:52 PM UTC

Scan engine                     Detection                    Engine version
Lavasoft Ad-Aware               Trojan.Generic.11918609      848
AegisLab AV Signature           Troj.Generic                 2.1.4+
Agnitum Outpost                 Trojan.Asterope              7.1.1
Avira AntiVirus                 TR/ATRAPS.Gen                7.11.177.98
AVG                             Win32/DH                     2015.0.3326
Baidu Antivirus                 Trojan.Win32.Agent           4.0.3.14109
Bitdefender                     Trojan.Generic.11918609      1.0.20.1410
Bkav FE                         W32.AsteropeRopest.Trojan    1.3.0.4959
Emsisoft Anti-Malware           Trojan.Generic.11918609      8.14.10.09.04
ESET NOD32                      Win64/Asterope (variant)     8.10534
Fortinet FortiGate              W64/Asterope.A!tr            10/9/2014
F-Secure                        Trojan.Generic.11918609      11.2014-09-10_5
G Data                          Trojan.Generic.11918609      14.10.24
IKARUS anti.virus               Trojan.Win64.Asterope        t3scan.1.7.8.0
Kaspersky                       Trojan.Win32.Agent           14.0.0.3126
Malwarebytes                    Trojan.Agent                 v2014.10.09.04
McAfee                          RDN/Generic.dx!dgb           5600.6982
Microsoft Security Essentials   Trojan:Win64/Ropest.G        1.11005
MicroWorld eScan                Trojan.Generic.11918609      15.0.0.846
Norman                          Agent.BFGVY                  11.20141009
Panda Antivirus                 Trj/Chgt.H                   14.10.09.04
Sophos                          Troj/Atraps-I                4.98
SUPERAntiSpyware                Trojan.Agent/Gen-Ropest      10310
Trend Micro House Call          TROJ_SPNR.07J914             7.2.282
Trend Micro                     TROJ_SPNR.07J914             10.465.09
VIPRE Antivirus                 Trojan.Win64.Ropest.e        33754

File size:
131.5 KB (134,656 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\appdata\roaming\microsoft\windows\ieupdate\bthudtask.exe

File PE Metadata
Compilation timestamp:
9/25/2004 5:18:31 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

CTPH (ssdeep):
3072:26pZob5rgMoVb6RBdtTtCQfEyF3ceBHUc3+jC:2F10YzsQfEyF333MC

Entry address:
0x6BC8

Entry point:
48, 89, 5C, 24, 10, 48, 89, 74, 24, 18, 55, 48, 8D, AC, 24, 50, F8, FF, FF, 48, 81, EC, B0, 08, 00, 00, E8, 29, AB, FF, FF, E8, 44, F7, FF, FF, 84, C0, 0F, 84, FD, 02, 00, 00, 48, 8D, 95, 10, 06, 00, 00, B9, 02, 02, 00, 00, FF, 15, 4A, 3A, 01, 00, 85, C0, 0F, 85, E3, 02, 00, 00, 48, 8D, 0D, B3, A7, 01, 00, 33, D2, E8, 04, 56, 00, 00, 85, C0, 0F, 84, CD, 02, 00, 00, 48, 8D, 35, 25, A5, 01, 00, 41, B8, 04, 01, 00, 00, 33, C9, 48, 8B, D6, FF, 15, 24, 35, 01, 00, 48, 8B, CE, FF, 15, DB, 38, 01, 00, 48, 8D, 0D...

Entropy:
6.4013

Code size:
100 KB (102,400 bytes)

Scrnsave
Name:
bthudtask.exe
The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-54-230-19-107.iad12.r.cloudfront.net  (54.230.19.107:80)

TCP (HTTP):
Connects to s3-1-w.amazonaws.com  (54.231.8.153:80)

TCP (HTTP):
Connects to qg-in-f95.1e100.net  (74.125.29.95:80)

TCP (HTTP):
Connects to qg-in-f156.1e100.net  (74.125.29.156:80)

TCP (HTTP):
Connects to qg-in-f120.1e100.net  (74.125.29.120:80)

TCP (HTTP):
Connects to qg-in-f102.1e100.net  (74.125.29.102:80)

TCP (HTTP):
Connects to p3nlhg810c1810.shr.prod.phx3.secureserver.net  (50.62.51.1:80)

TCP (HTTP):
Connects to a23-63-227-217.deploy.static.akamaitechnologies.com  (23.63.227.217:80)

TCP (HTTP):
Connects to a23-63-227-208.deploy.static.akamaitechnologies.com  (23.63.227.208:80)

TCP (HTTP):
Connects to a23-63-227-139.deploy.static.akamaitechnologies.com  (23.63.227.139:80)

TCP (HTTP):
Connects to a23-33-169-176.deploy.static.akamaitechnologies.com  (23.33.169.176:80)

Remove bthudtask.exe - Powered by Reason Core Security