efister ultimate traffic generating software.exe

eFister Ultimate Traffic Generating Software

eFister.com

The executable efister ultimate traffic generating software.exe has been detected as malware by 16 anti-virus scanners. While running, it connects to the Internet address pccanx2.purechat.com on port 443.
Publisher:
eFister.com

Product:
eFister Ultimate Traffic Generating Software

Version:
2013.3.14.99

MD5:
1d287804575b8b9502c2649b96afbb53

SHA-1:
f4c1e29be888e249beaaa6ec963135956bf169e1

SHA-256:
fe1dadbea8679412a110328fe80b30849256aaf2671bfe9be6640ab71fa7c0e9

Scanner detections:
16 / 68

Status:
Malware

Analysis date:
4/25/2024 10:49:40 AM UTC

Scan engine | Detection | Engine version

AhnLab V3 Security | Unwanted/Win32.Agent | 2014.07.07
Baidu Antivirus | Trojan.Win32.FlowSpirit | 4.0.3.14125
Bitdefender | Trojan.Generic.9421176 | 1.0.20.1695
Comodo Security | UnclassifiedMalware | 18790
Dr.Web | Trojan.DownLoader8.21721 | 9.0.1.0339
ESET NOD32 | Win32/FlowSpirit | 8.10054
Fortinet FortiGate | W32/FlowSpirit | 12/5/2014
G Data | Trojan.Generic.9421176 | 14.12.24
IKARUS anti.virus | Trojan.SuspectCRC | t3scan.1.6.1.0
K7 AntiVirus | Trojan | 13.180.12626
McAfee | Artemis!1D287804575B | 5600.6925
MicroWorld eScan | Trojan.Generic.9421176 | 15.0.0.1017
NANO AntiVirus | Trojan.Win32.Gen5.crgjky | 0.28.0.60577
Norman | Suspicious_Gen2.VRSMI | 11.20141205
nProtect | Trojan.Generic.9421176 | 14.07.06.01
Qihoo 360 Security | Win32/Trojan.Multi.daf | 1.0.0.1015

File size:
748.5 KB (766,464 bytes)

Product version:
4.0.2.1

Copyright:
Copyright 2012-13 eFister.com All Rights Reserved.

Original file name:
eFisterTraffic.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\efister ultimate traffic generating software.exe

File PE Metadata
Compilation timestamp:
3/14/2013 2:53:03 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
12288:mw7n1OHcwbnObHCEE7TmsYPtXwFz142RaDJSKTOmVnRQ0D:mwZO8wbnObHCEE7T3CoBfaDJNTO+vD

Entry address:
0x4D598

Entry point:
E8, 4C, BE, 00, 00, E9, 17, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8D, 42, FF, 5B, C3, 8D, A4, 24, 00, 00, 00, 00, 8D, 64, 24, 00, 33, C0, 8A, 44, 24, 08, 53, 8B, D8, C1, E0, 08, 8B, 54, 24, 08, F7, C2, 03, 00, 00, 00, 74, 15, 8A, 0A, 83, C2, 01, 3A, CB, 74, CF, 84, C9, 74, 51, F7, C2, 03, 00, 00, 00, 75, EB, 0B, D8, 57, 8B, C3, C1, E3, 10, 56, 0B, D8, 8B, 0A, BF, FF, FE, FE, 7E, 8B, C1, 8B, F7, 33, CB, 03, F0, 03, F9, 83, F1, FF, 83, F0, FF, 33, CF, 33, C6, 83, C2, 04, 81, E1...

Code size:
444 KB (454,656 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to server-54-230-46-41.fra6.r.cloudfront.net  (54.230.46.41:443)

TCP (HTTP SSL):
Connects to server-54-192-47-252.fra6.r.cloudfront.net  (54.192.47.252:443)

TCP (HTTP):
Connects to server-54-192-47-100.fra6.r.cloudfront.net  (54.192.47.100:80)

TCP (HTTP SSL):
Connects to server-54-192-46-224.fra6.r.cloudfront.net  (54.192.46.224:443)

TCP (HTTP SSL):
Connects to pccanx2.purechat.com  (72.51.44.153:443)

TCP (HTTP):
Connects to float.1319.bm-impbus.prod.fra1.adnexus.net  (37.252.170.68:80)

TCP (HTTP):
Connects to float.1271.bm-impbus.prod.fra1.adnexus.net  (37.252.170.23:80)

TCP (HTTP):
Connects to ec2-54-88-49-148.compute-1.amazonaws.com  (54.88.49.148:80)

TCP (HTTP):
Connects to ec2-54-77-25-112.eu-west-1.compute.amazonaws.com  (54.77.25.112:80)

TCP (HTTP):
Connects to ec2-54-201-235-47.us-west-2.compute.amazonaws.com  (54.201.235.47:80)

TCP (HTTP):
Connects to ec2-23-23-107-212.compute-1.amazonaws.com  (23.23.107.212:80)

TCP (HTTP):
Connects to ber01s09-in-f25.1e100.net  (173.194.32.249:80)

TCP (HTTP SSL):
Connects to a95-100-59-120.deploy.akamaitechnologies.com  (95.100.59.120:443)

TCP (HTTP):