cdhtr.exe

The application cdhtr.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Description:
Wmi protect host

Version:
6.7.0.0

MD5:
6b889355662fdb7848bbfe5c96f9cd4e

SHA-1:
81f7db31289230b28374540936dcddc2f7f12a75

SHA-256:
8cc7a37d4a3027512afedb482cc9b52798f417ab29e3e774f7283e49bf9fad39

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/19/2017 4:22:55 AM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.Yelloader.Meta (M)

Engine version:
16.2.21.19

File size:
806.5 KB (825,856 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\msrtn32\cdhtr.exe

File PE Metadata
Compilation timestamp:
8/6/2015 3:06:47 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:vGpjA8NlJSOSyKrZjV4V8SQl9XxgpaODNXiD5k5ZbcDnUSIvLnqGOkAUQkJ7IrLz:vGA7HyKh4AUJxT

Entry address:
0x2B8EE

Entry point:
E8, ED, 03, 00, 00, E9, 63, FD, FF, FF, FF, 25, 4C, 41, 43, 00, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, A8, 47, 4B, 00, 89, 0D, A4, 47, 4B, 00, 89, 15, A0, 47, 4B, 00, 89, 1D, 9C, 47, 4B, 00, 89, 35, 98, 47, 4B, 00, 89, 3D, 94, 47, 4B, 00, 66, 8C, 15, C0, 47, 4B, 00, 66, 8C, 0D, B4, 47, 4B, 00, 66, 8C, 1D, 90, 47, 4B, 00, 66, 8C, 05, 8C, 47, 4B, 00, 66, 8C, 25, 88, 47, 4B, 00, 66, 8C, 2D, 84, 47, 4B, 00, 9C, 8F, 05, B8, 47, 4B, 00, 8B, 45, 00, A3, AC, 47, 4B, 00, 8B, 45, 04, A3, B0, 47, 4B, 00, 8D...

Entropy:
6.0029

Code size:
202 KB (206,848 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-54-87-166-181.compute-1.amazonaws.com  (54.87.166.181:80)

TCP (HTTP):
Connects to ec2-54-187-101-188.us-west-2.compute.amazonaws.com  (54.187.101.188:80)

TCP (HTTP):
Connects to ec2-52-7-200-32.compute-1.amazonaws.com  (52.7.200.32:80)

TCP (HTTP):
Connects to ec2-52-55-160-49.compute-1.amazonaws.com  (52.55.160.49:80)

TCP (HTTP):
Connects to ec2-52-44-181-65.compute-1.amazonaws.com  (52.44.181.65:80)

TCP (HTTP):
Connects to ec2-52-0-133-13.compute-1.amazonaws.com  (52.0.133.13:80)

TCP (HTTP):
Connects to ec2-34-207-12-205.compute-1.amazonaws.com  (34.207.12.205:80)

TCP (HTTP):
Connects to ec2-184-73-234-195.compute-1.amazonaws.com  (184.73.234.195:80)

TCP (HTTP):
Connects to ec2-174-129-12-59.compute-1.amazonaws.com  (174.129.12.59:80)

TCP (HTTP SSL):
Connects to a23-45-180-169.deploy.static.akamaitechnologies.com  (23.45.180.169:443)

TCP (HTTP):
Connects to a23-45-180-152.deploy.static.akamaitechnologies.com  (23.45.180.152:80)

TCP (HTTP SSL):
Connects to a23-218-48-99.deploy.static.akamaitechnologies.com  (23.218.48.99:443)

TCP (HTTP SSL):
Connects to a23-10-179-38.deploy.static.akamaitechnologies.com  (23.10.179.38:443)

TCP (HTTP SSL):
Connects to a23-10-178-220.deploy.static.akamaitechnologies.com  (23.10.178.220:443)

TCP (HTTP SSL):
Connects to a23-0-210-7.deploy.static.akamaitechnologies.com  (23.0.210.7:443)

TCP (HTTP):
Connects to a104-106-255-142.deploy.static.akamaitechnologies.com  (104.106.255.142:80)

TCP (HTTP):
Connects to 40.1e.2fa9.ip4.static.sl-reverse.com  (169.47.30.64:80)

TCP (HTTP):
Connects to 168.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net  (68.67.178.252:80)

TCP (HTTP SSL):
Connects to server-52-84-132-242.atl52.r.cloudfront.net  (52.84.132.242:443)

Remove cdhtr.exe - Powered by Reason Core Security