dsjrdhmsdoen.exe

The executable dsjrdhmsdoen.exe has been detected as malware by 2 anti-virus scanners. It runs as a Windows service named “Group Instrumentation WWAN Collector”. While running, it connects to the Internet address cluster006.ovh.net on port 80 using the HTTP protocol.
MD5:
72ab9efd2eab84088045e71b3914f66a

SHA-1:
1530c36beb83ac946293abf5f89809cffeb27ea1

SHA-256:
12c1a5be2158aa6d62c1fcca02b8e607564516485beb24241e9f3fcc7dccf783

Scanner detections:
2 / 68

Status:
Malware

Analysis date:
11/14/2018 4:09:28 AM UTC

Scan engine / Detection / Engine version:
avast!: Win32:Trojan-gen (engine version 160917-0)
ESET NOD32: Win32/Bayrob.BS trojan (engine version 6.3.12010.0)

File size:
2 MB (2,059,264 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\windows\dsjrdhmsdoen.exe

File PE Metadata
Compilation timestamp:
9/13/2014 9:09:20 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x18CC4B

Entry point:
E8, 3F, 90, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, B0, E1, 5A, 00, E8, EF, 0E, 00, 00, E8, FB, 33, 00, 00, 0F, B7, F0, 6A, 02, E8, D2, 8F, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, A7, 04, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, 22, 01, 00, 00, 59, E8...

Code size:
1.7 MB (1,734,656 bytes)

Service
Display name:
Group Instrumentation WWAN Collector

Type:
Win32OwnProcess, InteractiveProcess


The executing file has been seen to make the following network communications in live environments.

