eudcedit.exe

The application eudcedit.exe has been detected as a potentially unwanted program by 32 anti-malware scanners.
MD5:
e57e3cabc1d99ddd72754ad551b8045d

SHA-1:
1b83f55ebd832c4df3aab178c9c8cdc0ef7f832c

Scanner detections:
32 / 68

Status:
Potentially unwanted

Analysis date:
4/24/2024 2:40:33 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Kazy.6550 | 770 |
| Agnitum Outpost | Trojan.Agent | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Necurs | 2014.12.20 |
| Avira AntiVirus | TR/Asterope.A.151 | 7.11.196.234 |
| avast! | Win32:Dropper-gen [Drp] | 2014.9-141226 |
| AVG | Win32/DH | 2015.0.3248 |
| Bitdefender | Gen:Variant.Kazy.6550 | 1.0.20.1800 |
| Bkav FE | W32.CaptivaM.Trojan | 1.3.0.6267 |
| Comodo Security | UnclassifiedMalware | 20423 |
| Dr.Web | Trojan.Asterope.5 | 9.0.1.0360 |
| Emsisoft Anti-Malware | Gen:Variant.Kazy.6550 | 8.14.12.26.10 |
| ESET NOD32 | Win32/Agent.VPS (variant) | 8.10907 |
| Fortinet FortiGate | W32/Agent.VPS!tr | 12/26/2014 |
| F-Secure | Gen:Variant.Kazy.6550 | 11.2014-26-12_6 |
| G Data | Gen:Variant.Kazy.6550 | 14.12.24 |
| IKARUS anti.virus | Win32.SuspectCrc | t3scan.1.8.5.0 |
| K7 AntiVirus | Unwanted-Program | 13.188.14395 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.2735 |
| Malwarebytes | Trojan.Agent.EV | v2014.12.26.10 |
| McAfee | RDN/Generic.dx!dhk | 5600.6904 |
| Microsoft Security Essentials | Trojan:Win32/Ropest.G | 1.11302 |
| MicroWorld eScan | Gen:Variant.Kazy.6550 | 15.0.0.1080 |
| NANO AntiVirus | Trojan.Win32.Asterope.dkainh | 0.28.6.64267 |
| Norman | Malware | 11.20141226 |
| Quick Heal | Trojan.Ropest.r4 | 12.14.14.00 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 15.1.2.0 |
| Sophos | Troj/Agent-AJRA | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Dropper | 10153 |
| Total Defense | Win32/Tnega.JUadYF | 37.0.11339 |
| Trend Micro House Call | TROJ_GEN.R03BC0DL914 | 7.2.360 |
| Trend Micro | TROJ_GEN.R03BC0DL914 | 10.465.26 |
| VIPRE Antivirus | Trojan.Win32.Generic | 35916 |

File size:
99.5 KB (101,888 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Documents and Settings\{user}\Application data\microsoft\windows\ieupdate\eudcedit.exe

File PE Metadata
Compilation timestamp:
12/8/2004 8:42:03 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:sUnmmwwv/AfIzrpsDOIlr6iIKSB17iFoqxmbXsT:BmmVYQHCDRlVIKSB17oQX

Entry address:
0x569E

Entropy:
6.6626

Developed / compiled with:
Microsoft Visual C++

Code size:
78.5 KB (80,384 bytes)

Scrnsave
Name:
eudcedit.exe


The executing file has been seen to make the following network communications in live environments.
