dca-monitoring.exe

Compete DCA Monitoring Tool

Compete Inc

The application dca-monitoring.exe by Compete Inc has been detected as a potentially unwanted program by 10 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler triggered daily at a specified time.
Publisher:
Compete, Inc.  (signed by Compete Inc)

Product:
Compete DCA Monitoring Tool

Version:
3.2.0.792

MD5:
9e729d496defd9238ff50edbef73e712

SHA-1:
2bc1299da3d232bf731cf25a4f6b80cf24fcbae3

SHA-256:
7b43b3aa09f9493e9778c8cd306c9d856ff2d9a5f2c693efcf03c3226fea0264

Scanner detections:
10 / 68

Status:
Potentially unwanted

Analysis date:
11/20/2017 5:19:55 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
TR/Trash.Gen
3.6.1.96

Bkav FE
W32.HfsAdware
1.3.0.7383

Dr.Web
Adware.Compete.1
9.0.1.048

ESET NOD32
Win32/Compete.C potentially unwanted (variant)
10.12515

IKARUS anti.virus
PUA.Compete
t3scan.1.9.5.0

Malwarebytes
PUP.Optional.Compete
v2016.02.17.09

Reason Heuristics
PUP.Compete (M)
16.2.17.21

SUPERAntiSpyware
PUP.Compete/Variant
9317

Trend Micro House Call
Suspicious_GEN.F47V0301
7.2.48

VIPRE Antivirus
Compete
45002

File size:
1.1 MB (1,182,240 bytes)

Product version:
3.2.0.792

Copyright:
(c) Compete, Inc. All rights reserved.

Original file name:
dca-monitoring.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\consumer input\monitoring\dca-monitoring.exe

Digital Signature
Signed by:

Authority:
Symantec Corporation

Valid from:
12/21/2014 6:00:00 PM

Valid to:
3/22/2018 6:59:59 PM

Subject:
CN=Compete Inc, O=Compete Inc, L=Boston, S=Massachusetts, C=US

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
0A6DDD60D9E6C4FAA56565923F8669C2

File PE Metadata
Compilation timestamp:
2/9/2016 3:24:24 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:omrIBhNo/ersO+QSpg7I8S4SHJjXIMt4wGTqB/MwcOgn6Sa:ooIBhaU0iM8S44zIMt4wFB/MTOgn6p

Entry address:
0xA6F0C

Entry point:
E8, AF, AD, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 66, 8B, 08, 83, C0, 02, 66, 85, C9, 75, F5, 2B, 45, 08, D1, F8, 48, 5D, C3, 8B, FF, 55, 8B, EC, 51, 51, 8B, 45, 0C, 57, 8B, 7D, 08, 85, C0, 74, 02, 89, 38, 85, FF, 75, 17, E8, 71, 51, 00, 00, C7, 00, 16, 00, 00, 00, E8, E6, 70, 00, 00, 33, C0, E9, 90, 01, 00, 00, 83, 7D, 10, 00, 74, 0C, 83, 7D, 10, 02, 7C, DD, 83, 7D, 10, 24, 7F, D7, 83, 65, FC, 00, 53, 56, 6A, 08, 5B, 0F, B7, 37, 53, 56, 83, C7, 02, E8, 73, AF, 00, 00, 59, 59, 85, C0...
 
[+]

Entropy:
6.5661

Code size:
820.5 KB (840,192 bytes)

Scheduled Task
Task name:
cimt_daily_s-1-5-21-2077510558-369765281-3753722003-1000

Trigger:
Daily (Runs daily at 12:00 AM)

Description:
Updates Consumer Input CIIE activity status.


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to unallocated.barefruit.co.uk  (92.242.140.21:443)

TCP (HTTP SSL):
Connects to ec2-54-174-111-151.compute-1.amazonaws.com  (54.174.111.151:443)

TCP (HTTP SSL):
Connects to ec2-54-208-19-28.compute-1.amazonaws.com  (54.208.19.28:443)

TCP (HTTP SSL):
Connects to agux01vmw10.phx.agu.org  (162.216.40.15:443)

Remove dca-monitoring.exe - Powered by Reason Core Security