dailybee.exe

DailyWiki

The executable dailybee.exe has been detected as malware by 1 anti-virus scanner. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘DailyBee’. While running, it connects to the Internet address bcvippc02.rightnowtech.com on port 443.
Publisher:
DailyWiki  (signed and verified)

MD5:
a03cd65c45cb02ae0839beba2591d6e2

SHA-1:
7026c86e5494dd2bec064d8b23d0f4ca7832b554

SHA-256:
a73570c6d42303cd08c81d71d8ae6e7431e1a5fc24e6707b7d1b5a9d690baee7

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
4/24/2024 3:02:28 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
16.12.1.7

File size:
45.6 MB (47,826,088 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\dailybee\dailybee.exe

Digital Signature
Signed by:

Authority:
DailyWiki

Valid from:
9/19/2015 3:16:51 PM

Valid to:
9/16/2025 3:16:51 PM

Subject:
CN=DailyWiki, O=DailyWiki, S=Some-State, C=US

Issuer:
CN=DailyWiki, O=DailyWiki, S=Some-State, C=US

Serial number:
00DE81C7E6A224F568

File PE Metadata
Compilation timestamp:
2/20/2016 8:43:51 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
786432:EuK9C64r1c7VQZgnUrurLpbH05yL5dsuUQq6+4UYOkdOXQOJxO:ZwC64r1c6ZgnUSrLpbUAdBUQq6/BLq3O

Entry address:
0x1C9A031

Entry point:
E8, 5A, 3A, 01, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 8B, 55, 0C, A1, 20, A8, EC, 02, F7, D2, 8B, 4D, 08, 23, D0, 23, 4D, 0C, 0B, D1, 89, 15, 20, A8, EC, 02, 5D, C3, E8, 09, 21, 00, 00, 85, C0, 74, 08, 6A, 16, E8, CC, 21, 00, 00, 59, F6, 05, 20, A8, EC, 02, 02, 74, 21, 6A, 17, E8, D9, 20, 60, 00, 85, C0, 74, 05, 6A, 07, 59, CD, 29, 6A, 01, 68, 15, 00, 00, 40, 6A, 03, E8, A9, F8, FF, FF, 83, C4, 0C, 6A, 03, E8, 16, FC, FF, FF, CC, 55, 8B, EC, 8D, 45, 18, 50, 6A, 00, FF, 75, 14, FF, 75, 10, FF, 75, 0C, FF, 75...

Code size:
34.9 MB (36,634,112 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
DailyBee

Command:
C:\users\{user}\appdata\roaming\dailybee\dailybee.exe su


The executing file has been seen to make the following network communications in live environments.

