feeddemon.exe

NewsGator Technologies, Inc.

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘FeedDemon’. This file is installed with the program FeedDemon.
Publisher:
NewsGator Technologies, Inc.  (signed and verified)

Description:
FeedDemon

Version:
4.1.0.0

MD5:
960a1e58ac390cfe00e0220132cbe912

SHA-1:
6dde81e1847cb358bd1b1e54ab2d65ed34361c89

SHA-256:
8651299e16361c54bc1a44c29e6a37a0b1557f827f83f8aad295ba515f5cfadf

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
11/29/2016 2:51:59 AM UTC  (ten months ago)

Scan engine:
Trend Micro House Call

Detection:
TROJ_GEN.F47V0905

Engine version:
7.2.353

File size:
7.2 MB (7,500,288 bytes)

Product version:
4.0

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\feeddemon\feeddemon.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
8/26/2010 7:00:00 PM

Valid to:
8/1/2012 6:59:59 PM

Subject:
CN="NewsGator Technologies, Inc.", OU=SECURE APPLICATION DEVELOPMENT, O="NewsGator Technologies, Inc.", L=Denver, S=Colorado, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
760A40D6B19EAA8E49D45273AE1493C2

File PE Metadata
Compilation timestamp:
6/19/1992 5:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:5Ze3njIcFlcDW5JCSyUqmYzmS6f36pMqVtA0gNwoqsXDzMrK:pA+W5JxyUlYzmSNJAd6uDIW

Entry address:
0x50DD00

Entry point:
55, 8B, EC, B9, 07, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 53, 56, 57, B8, 08, CB, A0, 00, E8, 5C, A1, AF, FF, 33, C0, 55, 68, 8F, DE, A0, 00, 64, FF, 30, 64, 89, 20, B8, C0, A8, 94, 00, 8B, 15, A8, 9F, A3, 00, 89, 02, 8D, 55, DC, B8, 5D, 00, 00, 00, E8, BC, 36, FF, FF, 8D, 55, DC, 8D, 45, EC, E8, C5, E8, B0, FF, 8B, 45, EC, 50, E8, 9C, 8A, B7, FF, 5A, E8, AA, C4, B2, FF, B8, 70, 5F, A4, 00, E8, CC, 76, AF, FF, 83, 3D, 70, 5F, A4, 00, 00, 74, 15, 8D, 55, D8, A1, 70, 5F, A4, 00, E8, 5E, 02, B0, FF, 8B, 45...
 

Entropy:
6.7548

Developed / compiled with:
Microsoft Visual C++

Code size:
5.1 MB (5,296,128 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
FeedDemon

Command:
"C:\feeddemon\feeddemon.exe" \startminimized


The file feeddemon.exe has been discovered within the following program.

FeedDemon  by NewsGator Technologies, Inc.
FeedDemon is a free RSS Feed reader for Windows. It is able to synchronize with Google Reader. It is available for the Windows platform.
www.newsgator.com
About 3% of users remove it
 

The executing file has been seen to make the following network communications in live environments.
