» ed2k.exe
Overview
Analysis
File Details
Behaviors (1)
Network (16)

ed2k.exe

aMuleall

http://www.amuleall.org/

It runs as a windows Service named “ed2k idle service”.

File name:

ed2k.exe

Publisher:

http://www.amuleall.org/

Product:

aMuleall

Description:

ED2K Links Handler

Version:

2.4.0

MD5:

bc8c7c812b3c43663d78d02690652f96

SHA-1:

cc191ebf30e6b17e17b8739bca6c48b001ebee9f

SHA-256:

f29e1b2896207807446da545c49134cb79acd671e45a63ec0177e670b4fed68b

Scanner detections:

1 / 68

Status:

Clean (1 probable false positive detection)

Explanation:

This is mosty likely a false positive detection, the file is probably clean.

Analysis date:

4/26/2024 8:33:26 AM UTC (today)

Scan engine

Detection

Engine version

F-Prot

W32/SuspPack.AA.gen

4.6.5.141

File size:

232.5 KB (238,080 bytes)

Product version:

2.4.0

aMuleall Team ( admin@amule.org )

Original file name:

ed2k.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\amulell\ed2k.exe

File PE Metadata

Compilation timestamp:

1/1/2008 10:55:28 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Native (none required)

Linker version:

7.0

Entry address:

0x1C0

Entry point:

33, C0, C2, 08, 00, 00, 00, 00, 0D, 0A, 0D, 0A, 54, 68, 69, 73, 20, 66, 69, 6C, 65, 20, 77, 61, 73, 20, 73, 61, 6E, 69, 74, 69, 7A, 65, 64, 20, 62, 79, 20, 61, 76, 61, 73, 74, 21, 20, 41, 6E, 74, 69, 76, 69, 72, 75, 73, 2E, 0D, 0A, 0D, 0A, 00, 00, E5, E3, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 20, 00, 00, 60, 2E, 72, 64, 61, 74, 61, 00, 00, 16, B9, 00, 00, 00, D0, 02, 00, 00, BA, 00, 00, 00, C4, 02, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 40, 00, 00, 40, 2E, 64, 61, 74, 61, 00, 00, 00... 
[+]

Code size:

128 Bytes (128 bytes)

Service

Display name:

ed2k idle service

Service name:

ed2kidle

Description:

execute ed2k task in idle time

Type:

Win32OwnProcess, InteractiveProcess

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to server-52-85-173-231.fra6.r.cloudfront.net (52.85.173.231:80)

TCP (HTTP):

Connects to server-54-230-163-150.jax1.r.cloudfront.net (54.230.163.150:80)

TCP (HTTP):

Connects to server-52-85-63-18.lhr50.r.cloudfront.net (52.85.63.18:80)

TCP (HTTP):

Connects to server-52-85-167-119.gig50.r.cloudfront.net (52.85.167.119:80)

TCP (HTTP):

Connects to server-54-230-150-200.sin2.r.cloudfront.net (54.230.150.200:80)

TCP (HTTP):

Connects to server-54-230-216-245.mrs50.r.cloudfront.net (54.230.216.245:80)

TCP (HTTP):

Connects to server-54-230-0-61.lhr5.r.cloudfront.net (54.230.0.61:80)

TCP (HTTP):

Connects to server-54-192-159-76.sin3.r.cloudfront.net (54.192.159.76:80)

TCP (HTTP):

Connects to server-54-192-130-91.ams50.r.cloudfront.net (54.192.130.91:80)

TCP (HTTP):

Connects to server-54-192-159-4.sin3.r.cloudfront.net (54.192.159.4:80)

TCP (HTTP):

Connects to server-52-85-83-80.lax1.r.cloudfront.net (52.85.83.80:80)

TCP (HTTP):

Connects to server-52-85-167-225.gig50.r.cloudfront.net (52.85.167.225:80)

TCP (HTTP):

Connects to server-52-85-83-11.lax1.r.cloudfront.net (52.85.83.11:80)

TCP (HTTP):

Connects to server-54-230-150-59.sin2.r.cloudfront.net (54.230.150.59:80)

TCP (HTTP):

Connects to server-54-192-98-136.arn1.r.cloudfront.net (54.192.98.136:80)

TCP (HTTP):

Connects to server-54-240-186-81.mad50.r.cloudfront.net (54.240.186.81:80)

Scan ed2k.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.