eyhtcdaa.exe

Blueis

This is the Tightrope WebInstall which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The file eyhtcdaa.exe by Blueis has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Tightrope WebInstall installer. It is also typically executed from the user's temporary directory.
Publisher:
Blueis  (signed and verified)

Product:
Blueis

Version:
52.0.1.7659

MD5:
c3b2aa3aea0a6b0d95bbc38d9da279e8

SHA-1:
32df932ea30d045630e6fd8ff46a4c53334d5419

SHA-256:
5721fcff534797ee8ab8b5a6beda511cad5a5f5631b3a0fa74d622a523d4d29b

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
5/27/2020 3:43:45 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Tightrope.Blueis.Bundler (M)
15.11.27.7

File size:
870.6 KB (891,480 bytes)

Product version:
52.0.1.7659

Copyright:
Copyright (C) 2015

Original file name:
setup.exe

Bundler/Installer:
Tightrope WebInstall

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\eyhtcdaa.exe.part

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
11/11/2015 2:23:38 PM

Valid to:
9/15/2016 8:46:38 PM

Subject:
CN=Blueis, O=Blueis, L=San Francisco, S=California, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
05824772F61FAE32

File PE Metadata
Compilation timestamp:
10/28/2014 7:58:01 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:TpXz6VLgBcfWleBtlQmGRWh0bhyFQ6eJoNG:hEgBcfWle77GRc0lyF

Entry address:
0x209A

Entry point:
E8, 71, B8, 00, 00, E9, 73, B1, 00, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, 83, EC, 18, 8B, 45, 08, 53, 8B, 5D, 14, 56, 8B, 73, 08, 33, 30, 57, 8B, 06, C6, 45, FF, 00, C7, 45, F4, 01, 00, 00, 00, 8D, 7B, 10, 83, F8, FE, 74, 0B, 8B, 4E, 04, 03, CF, 33, 0C, 38, FF, 55, 0C, 8B, 4E, 0C, 8B, 56, 08, 03, CF, 33, 0C, 3A, FF, 55, 0C, 8B, 45, 10, F6, 40, 04, 66, 0F, 85, 12, 01, 00, 00, 8D, 4D, E8, 89, 4B, FC, 8B, 5B, 0C, 89, 45, E8, 8B, 45, 18, 89, 45, EC, 83, FB, FE, 74, 60, EB, 06...
 
[+]

Entropy:
7.9689  (probably packed)

Code size:
52.5 KB (53,760 bytes)

Remove eyhtcdaa.exe - Powered by Reason Core Security