dailybee.exe

DailyWiki

The executable dailybee.exe has been detected as malware by 1 anti-virus scanner. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘DailyBee’. This file is typically installed with the program DailyBee - DailyBee for Desktop by DailyBee. While running, it connects to the Internet address server-54-230-196-161.lhr50.r.cloudfront.net on port 443.
Publisher:
DailyWiki  (signed and verified)

MD5:
2c0c71a69b7a38de166f27dc0f4060b4

SHA-1:
fe6fa7d1190e045ded3a8d83a6e2fb6a2ab0933d

SHA-256:
a2af3330cca540ec66b6184a576c5dc4d457f4302f9403dfe42aca47862105df

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
4/26/2024 5:46:54 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
16.9.29.8

File size:
45.6 MB (47,813,592 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\dailybee\dailybee.exe

Digital Signature
Signed by:

Authority:
DailyWiki

Valid from:
9/19/2015 3:46:51 PM

Valid to:
9/16/2025 3:46:51 PM

Subject:
CN=DailyWiki, O=DailyWiki, S=Some-State, C=US

Issuer:
CN=DailyWiki, O=DailyWiki, S=Some-State, C=US

Serial number:
00DE81C7E6A224F568

File PE Metadata
Compilation timestamp:
2/20/2016 9:13:51 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
786432:buK9C64r1c7VQZgnUrurLpbH05yL5dsuUQq6+4UYOkdOXQOX5H:6wC64r1c6ZgnUSrLpbUAdBUQq6/BLqpH

Entry address:
0x1C9A031


Entropy:
6.8800

Code size:
34.9 MB (36,634,112 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
DailyBee

Command:
C:\users\{user}\appdata\roaming\dailybee\dailybee.exe su


The file dailybee.exe has been discovered within the following program.

About 2% of users remove it
 

The executing file has been seen to make the following network communications in live environments.

