home

ed2k.exe

aMuleall

http://www.amuleall.org/

It runs as a windows Service named “ed2k idle service”.
Publisher:
http://www.amuleall.org/

Product:
aMuleall

Description:
ED2K Links Handler

Version:
2.4.0

MD5:
87f9330c64915fe5cfc34e0bb1745806

SHA-1:
0ac9ad101b5b4a6f9f5949bc2ac45f0444ce8e6b

SHA-256:
5eff5e7a9ccab9f11fa92175aaea5394854ad8ab88a1cdc3d425162bece2dc74

Scanner detections:
2 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
4/25/2024 4:37:08 PM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
Win32/Adware.ELEX.EL application
6.3.12010.0

Qihoo 360 Security
HEUR/QVM10.1.0000.Malware.Gen
1.0.0.1120

File size:
232.5 KB (238,080 bytes)

Product version:
2.4.0

Copyright:
aMuleall Team ( admin@amule.org )

Original file name:
ed2k.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\amulell\ed2k.exe

File PE Metadata
Compilation timestamp:
3/6/2017 4:27:55 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
12.0

Entry address:
0xDD47

Entry point:
E8, CF, C5, 00, 00, E9, 7B, FE, FF, FF, E8, 4C, 70, 00, 00, 8B, D0, 8B, 42, 6C, 3B, 05, 54, 9E, 43, 00, 74, 10, 8B, 0D, 18, 9F, 43, 00, 85, 4A, 70, 75, 05, E8, 8E, 66, 00, 00, 8B, 40, 04, C3, E8, 26, 70, 00, 00, 8B, D0, 8B, 42, 6C, 3B, 05, 54, 9E, 43, 00, 74, 10, 8B, 0D, 18, 9F, 43, 00, 85, 4A, 70, 75, 05, E8, 68, 66, 00, 00, 05, A0, 00, 00, 00, C3, E8, FE, 6F, 00, 00, 8B, D0, 8B, 42, 6C, 3B, 05, 54, 9E, 43, 00, 74, 10, 8B, 0D, 18, 9F, 43, 00, 85, 4A, 70, 75, 05, E8, 40, 66, 00, 00, 8B, 40, 74, C3, 55, 8B...
 
[+]

Code size:
176 KB (180,224 bytes)

Service
Display name:
ed2k idle service

Service name:
ed2kidle

Description:
execute ed2k task in idle time

Type:
Win32OwnProcess, InteractiveProcess


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-54-192-14-109.ams1.r.cloudfront.net  (54.192.14.109:80)

TCP (HTTP):
Connects to server-52-85-151-207.hkg51.r.cloudfront.net  (52.85.151.207:80)

TCP (HTTP):
Connects to server-52-85-83-41.lax1.r.cloudfront.net  (52.85.83.41:80)

TCP (HTTP):
Connects to server-54-230-150-232.sin2.r.cloudfront.net  (54.230.150.232:80)

TCP (HTTP):
Connects to server-54-192-159-61.sin3.r.cloudfront.net  (54.192.159.61:80)

TCP (HTTP):
Connects to server-54-192-203-188.fra50.r.cloudfront.net  (54.192.203.188:80)

TCP (HTTP):
Connects to server-54-230-216-160.mrs50.r.cloudfront.net  (54.230.216.160:80)

TCP (HTTP):
Connects to server-54-230-216-106.mrs50.r.cloudfront.net  (54.230.216.106:80)

TCP (HTTP):
Connects to server-54-192-75-253.hkg50.r.cloudfront.net  (54.192.75.253:80)

TCP (HTTP):
Connects to server-54-230-95-162.fra2.r.cloudfront.net  (54.230.95.162:80)

TCP (HTTP):
Connects to server-54-192-203-74.fra50.r.cloudfront.net  (54.192.203.74:80)

TCP (HTTP):
Connects to server-52-85-221-76.cdg50.r.cloudfront.net  (52.85.221.76:80)

TCP (HTTP):
Connects to server-54-230-0-213.lhr5.r.cloudfront.net  (54.230.0.213:80)

TCP (HTTP):
Connects to server-54-192-203-85.fra50.r.cloudfront.net  (54.192.203.85:80)

TCP (HTTP):
Connects to server-54-192-159-80.sin3.r.cloudfront.net  (54.192.159.80:80)

TCP (HTTP):
Connects to server-52-85-83-185.lax1.r.cloudfront.net  (52.85.83.185:80)

TCP (HTTP):
Connects to server-52-85-173-249.fra6.r.cloudfront.net  (52.85.173.249:80)

TCP (HTTP):
Connects to server-52-85-173-218.fra6.r.cloudfront.net  (52.85.173.218:80)

TCP (HTTP):
Connects to server-52-85-167-210.gig50.r.cloudfront.net  (52.85.167.210:80)

TCP (HTTP):
Connects to server-54-230-59-108.gru1.r.cloudfront.net  (54.230.59.108:80)

Scan ed2k.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.