» dsjrdhmsdoen.exe
Overview
Analysis
File Details
Behaviors (1)
Network (15)

dsjrdhmsdoen.exe

The executable dsjrdhmsdoen.exe has been detected as malware by 2 anti-virus scanners. It runs as a windows Service named “Group Instrumentation WWAN Collector”. While running, it connects to the Internet address cluster006.ovh.net on port 80 using the HTTP protocol.

File name:

dsjrdhmsdoen.exe

MD5:

72ab9efd2eab84088045e71b3914f66a

SHA-1:

1530c36beb83ac946293abf5f89809cffeb27ea1

SHA-256:

12c1a5be2158aa6d62c1fcca02b8e607564516485beb24241e9f3fcc7dccf783

Scanner detections:

2 / 68

Status:

Malware

Analysis date:

4/25/2024 5:06:55 AM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:Trojan-gen

160917-0

ESET NOD32

Win32/Bayrob.BS trojan

6.3.12010.0

File size:

2 MB (2,059,264 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\windows\dsjrdhmsdoen.exe

File PE Metadata

Compilation timestamp:

9/13/2014 9:09:20 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

Entry address:

0x18CC4B

Entry point:

E8, 3F, 90, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, B0, E1, 5A, 00, E8, EF, 0E, 00, 00, E8, FB, 33, 00, 00, 0F, B7, F0, 6A, 02, E8, D2, 8F, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, A7, 04, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, 22, 01, 00, 00, 59, E8... 
[+]

Code size:

1.7 MB (1,734,656 bytes)

Service

Display name:

Group Instrumentation WWAN Collector

Type:

Win32OwnProcess, InteractiveProcess

The executing file has been seen to make the following network communications in live environments.

TCP:

Connects to 188-173-118-76.next-gen.ro (188.173.118.76:24137)

TCP:

Connects to ppp046177217248.access.hol.gr (46.177.217.248:42431)

TCP (HTTP):

Connects to ip234.208-100-26.static.steadfastdns.net (208.100.26.234:80)

TCP (HTTP):

Connects to ip-23-229-224-100.ip.secureserver.net (23.229.224.100:80)

TCP (HTTP):

Connects to ip-184-168-221-48.ip.secureserver.net (184.168.221.48:80)

TCP (HTTP):

Connects to ec2-52-1-32-25.compute-1.amazonaws.com (52.1.32.25:80)

TCP:

Connects to cpe-186-18-85-65.telecentro-reversos.com.ar (186.18.85.65:33166)

TCP:

Connects to CPE-139-168-0-170.lns7.lon.bigpond.net.au (139.168.0.170:45409)

TCP (HTTP):

Connects to cluster006.ovh.net (213.186.33.17:80)

TCP:

Connects to bba163507.alshamil.net.ae (217.165.219.185:38955)

TCP (HTTP):

Connects to ags-ws01.ags-capital.com (75.126.38.98:80)

TCP:

Connects to 94.196.77.217.threembb.co.uk (94.196.77.217:43118)

TCP:

Connects to 91.98.120.190.pol.ir (91.98.120.190:50461)

TCP:

Connects to 88.190.189.59.starhub.net.sg (59.189.190.88:30519)

TCP:

Connects to 188.26.113.15-static.cluj.rdsnet.ro (188.26.113.15:23410)

Remove dsjrdhmsdoen.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.