germinal.exe

ten

The application germinal.exe has been detected as a potentially unwanted program by 2 of 68 anti-malware scanners, both of which classify it as adware (Adware.Dotdo). It persists as a Windows Task Scheduler task named 38840388 that is triggered each time a user logs on.
Product:
ten

Version:
1.0.0.0

MD5:
b8e93cabdaf790e536fe8d4676456107

SHA-1:
97628dd7a46f814b9c1aa2ba01698c581220a769

SHA-256:
e728d4cf15cd484c7938c1662082146956db1edeffba6328fc0795249a2921ae

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
5/7/2024 8:15:45 PM UTC

Scan engine           Detection                          Engine version
ESET NOD32            MSIL/Adware.Dotdo.AP application   6.3.12010.0
Reason Heuristics     Adware.Dotdo.ET (M)                17.1.24.5

File size:
453 KB (463,872 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2016

Original file name:
germinal.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\spaces\germinal.exe

File PE Metadata
Compilation timestamp:
12/4/2016 10:47:25 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

Entry address:
0x7296A

Entry point:
FF, 25, 78, 29, 47, 00, 00, 00, 00, 00, 00, 00, 00, 00, 4C, 29, 07, 00, 00, 00, 00, 00, 00, 00, 00, 00, 8D, 3A, 44, 58, 00, 00, 00, 00, 02, 00, 00, 00, 4D, 00, 00, 00, 9C, 29, 07, 00, 9C, 0B, 07, 00, 52, 53, 44, 53, 89, B5, 75, 2C, A4, 91, 33, 4D, BC, DB, EE, C0, 15, AB, 14, A7, 01, 00, 00, 00, 43, 3A, 5C, 55, 73, 65, 72, 73, 5C, 41, 64, 6D, 69, 6E, 69, 73, 74, 72, 61, 74, 6F, 72, 5C, 44, 65, 73, 6B, 74, 6F, 70, 5C, 67, 65, 72, 6D, 69, 6E, 61, 6C, 5C, 67, 65, 72, 6D, 69, 6E, 61, 6C, 2E, 70, 64, 62, 00, 00...
 
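
The entry-point bytes above carry more than the first instruction: a managed EXE's native entry is a 6-byte jump through the IAT slot for mscoree!_CorExeMain, and the listing runs straight on into the IMAGE_DEBUG_DIRECTORY and its RSDS (CodeView) record, which holds the PDB GUID, age and the developer's build path. The following decoder is an added example written for this page, not the vendor's code; it works only on the bytes shown (the listing is truncated with "..."), takes the entry RVA 0x7296A from the listing, and assumes an image base of 0x400000, which the page does not state.

```python
import struct
import uuid
from datetime import datetime, timezone

# Entry-point byte dump exactly as listed on the page (the listing ends in "..."; only
# the bytes shown are decoded).  ENTRY_RVA is the page's "Entry address"; IMAGE_BASE is
# an assumption (the usual default for a 32-bit EXE, not stated on the page).
ENTRY_RVA = 0x7296A
IMAGE_BASE = 0x400000
ENTRY_DUMP = (
    "FF, 25, 78, 29, 47, 00, 00, 00, 00, 00, 00, 00, 00, 00, 4C, 29, 07, 00, 00, 00, "
    "00, 00, 00, 00, 00, 00, 8D, 3A, 44, 58, 00, 00, 00, 00, 02, 00, 00, 00, 4D, 00, "
    "00, 00, 9C, 29, 07, 00, 9C, 0B, 07, 00, 52, 53, 44, 53, 89, B5, 75, 2C, A4, 91, "
    "33, 4D, BC, DB, EE, C0, 15, AB, 14, A7, 01, 00, 00, 00, 43, 3A, 5C, 55, 73, 65, "
    "72, 73, 5C, 41, 64, 6D, 69, 6E, 69, 73, 74, 72, 61, 74, 6F, 72, 5C, 44, 65, 73, "
    "6B, 74, 6F, 70, 5C, 67, 65, 72, 6D, 69, 6E, 61, 6C, 5C, 67, 65, 72, 6D, 69, 6E, "
    "61, 6C, 2E, 70, 64, 62, 00, 00..."
)


def parse_dump(dump: str) -> bytes:
    """Turn the page's 'FF, 25, ...' listing into bytes, ignoring the trailing '...'."""
    return bytes(int(t, 16) for t in dump.replace("...", "").split(",") if t.strip())


def decode_entry_bytes(dump: str, entry_rva: int, image_base: int) -> dict:
    buf = parse_dump(dump)
    info = {}

    # 1. Managed (.NET) EXE stub: "FF 25 <absolute address>" = jmp dword ptr [IAT slot].
    info["clr_stub"] = buf[:2] == b"\xff\x25"
    if info["clr_stub"]:
        iat_va = struct.unpack_from("<I", buf, 2)[0]
        info["iat_rva"] = iat_va - image_base
        slot = info["iat_rva"] - entry_rva
        if 0 <= slot <= len(buf) - 4:
            # Unbound IAT slot still holds the RVA of the import's hint/name entry.
            info["import_name_rva"] = struct.unpack_from("<I", buf, slot)[0]

    # 2. IMAGE_DEBUG_DIRECTORY (28 bytes) immediately precedes the RSDS record here.
    idx = buf.find(b"RSDS")
    if idx >= 28:
        (_chars, ts, _major, _minor, dtype, size, addr, ptr) = struct.unpack_from(
            "<IIHHIIII", buf, idx - 28)
        info["debug_type"] = dtype                      # 2 == IMAGE_DEBUG_TYPE_CODEVIEW
        info["timestamp"] = ts
        info["timestamp_utc"] = datetime.fromtimestamp(ts, tz=timezone.utc).isoformat()
        info["codeview_rva"] = addr
        info["section_delta"] = addr - ptr              # RVA minus file offset of the record
        # Cross-check: AddressOfRawData must point at the RSDS signature we found.
        info["debug_dir_consistent"] = dtype == 2 and addr == entry_rva + idx

        # 3. RSDS record: signature, GUID (Windows mixed-endian), age, NUL-terminated path.
        guid = uuid.UUID(bytes_le=buf[idx + 4:idx + 20])
        age = struct.unpack_from("<I", buf, idx + 20)[0]
        end = buf.index(b"\x00", idx + 24)
        info["pdb_guid"] = str(guid)
        info["pdb_age"] = age
        info["pdb_path"] = buf[idx + 24:end].decode("ascii")
        info["symbol_id"] = guid.hex.upper() + str(age) # symbol-server style GUID+age key
        info["codeview_size_ok"] = size == 24 + (end - (idx + 24)) + 1
    return info


if __name__ == "__main__":
    for key, value in decode_entry_bytes(ENTRY_DUMP, ENTRY_RVA, IMAGE_BASE).items():
        shown = f"{value:#x}" if isinstance(value, int) and not isinstance(value, bool) else value
        print(f"{key:24} {shown}")
```

The decoded timestamp (0x58443A8D) is the page's compilation time expressed in UTC, the AddressOfRawData field lands exactly on the RSDS signature, and the path names the build directory of the author's machine; the GUID+age key is what symbol servers use and is a useful pivot for clustering other builds from the same project.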

Entropy:
5.7948

Code size:
450.5 KB (461,312 bytes)

Scheduled Task
Task name:
38840388

Trigger:
Logon (Runs on logon)

Description:
3884038838840388
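
A way to verify this persistence on a host, written here as an added example and not the vendor's own tooling: it parses a Task Scheduler XML definition and flags tasks whose action runs the listed path or a file with the listed SHA-256, or that share the listed task's shape (logon trigger, all-digit name, description equal to the name repeated). The sample XML is constructed to mirror the listing above; the task-store folder and the UTF-16 encoding of its files are assumptions about a standard Windows install, not facts from the page.

```python
import hashlib
import xml.etree.ElementTree as ET
from pathlib import Path

TASK_NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

# Constructed sample (not the real task file from the page) mirroring the listing:
# task 38840388, logon trigger, runs C:\Program Files\spaces\germinal.exe.
SAMPLE_TASK_XML = r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo>
    <Description>3884038838840388</Description>
    <URI>\38840388</URI>
  </RegistrationInfo>
  <Triggers>
    <LogonTrigger>
      <Enabled>true</Enabled>
    </LogonTrigger>
  </Triggers>
  <Actions Context="Author">
    <Exec>
      <Command>C:\Program Files\spaces\germinal.exe</Command>
    </Exec>
  </Actions>
</Task>
"""

# Indicators taken from the page's listing.
KNOWN_SHA256 = "e728d4cf15cd484c7938c1662082146956db1edeffba6328fc0795249a2921ae"
KNOWN_PATH = r"C:\Program Files\spaces\germinal.exe"


def inspect_task(xml_text: str) -> dict:
    """Pull the persistence-relevant fields out of a Task Scheduler XML definition."""
    root = ET.fromstring(xml_text)
    uri = root.findtext("t:RegistrationInfo/t:URI", default="", namespaces=TASK_NS)
    name = uri.rsplit("\\", 1)[-1]
    desc = root.findtext("t:RegistrationInfo/t:Description", default="", namespaces=TASK_NS)
    logon = root.find("t:Triggers/t:LogonTrigger", TASK_NS)
    # <Enabled> is optional and defaults to true when absent.
    logon_enabled = logon is not None and logon.findtext(
        "t:Enabled", default="true", namespaces=TASK_NS).lower() == "true"
    commands = [c.text.strip().strip('"')
                for c in root.findall("t:Actions/t:Exec/t:Command", TASK_NS) if c.text]
    return {
        "name": name,
        "logon_trigger": logon_enabled,
        "numeric_name": name.isdigit(),                 # 38840388-style generated name
        "description_repeats_name": desc == name * 2,   # "3884038838840388"
        "commands": commands,
        "known_path": any(c.lower() == KNOWN_PATH.lower() for c in commands),
    }


def file_sha256(path: str):
    """SHA-256 of the action's target, or None if it is not present on this host."""
    p = Path(path)
    if not p.is_file():
        return None
    h = hashlib.sha256()
    with p.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def assess(report: dict) -> str:
    hashes = {file_sha256(c) for c in report["commands"]} - {None}
    if report["known_path"] or KNOWN_SHA256 in hashes:
        return "match"        # action points at the listed binary
    if report["logon_trigger"] and report["numeric_name"] and report["description_repeats_name"]:
        return "suspicious"   # same shape as the listed task, different path
    return "clean"


def scan_task_folder(folder=r"C:\Windows\System32\Tasks"):
    """Walk the on-disk task store (assumed: UTF-16 XML files) and report non-clean tasks."""
    hits = []
    for p in Path(folder).rglob("*"):
        if not p.is_file():
            continue
        try:
            report = inspect_task(p.read_text(encoding="utf-16"))
        except (UnicodeError, ET.ParseError):
            continue
        verdict = assess(report)
        if verdict != "clean":
            hits.append((str(p), verdict, report["commands"]))
    return hits


if __name__ == "__main__":
    print(assess(inspect_task(SAMPLE_TASK_XML)), inspect_task(SAMPLE_TASK_XML))
```

Run scan_task_folder() as an administrator on the host; the path and hash checks give a definite match, while the shape heuristic is only a lead, since legitimate installers occasionally use generated numeric task names too.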


The executing file has been observed making the following network connections in live environments. Every endpoint below resolves to shared infrastructure (Amazon CloudFront and EC2, Google's 1e100.net, Internap); these hostnames and addresses identify hosting providers rather than this program and are not usable as indicators on their own.

TCP (HTTP):
Connects to server-54-192-55-87.jfk6.r.cloudfront.net  (54.192.55.87:80)

TCP (HTTP SSL):
Connects to server-52-85-89-88.jfk6.r.cloudfront.net  (52.85.89.88:443)

TCP (HTTP SSL):
Connects to qn-in-f156.1e100.net  (74.125.192.156:443)

TCP (HTTP):
Connects to iad23s41-in-f78.1e100.net  (216.58.217.78:80)

TCP (HTTP SSL):
Connects to iad23s41-in-f74.1e100.net  (216.58.217.74:443)

TCP (HTTP):
Connects to iad23s41-in-f6.1e100.net  (216.58.217.70:80)

TCP (HTTP SSL):
Connects to ec2-52-72-172-239.compute-1.amazonaws.com  (52.72.172.239:443)

TCP (HTTP):
Connects to ec2-52-206-162-106.compute-1.amazonaws.com  (52.206.162.106:80)

TCP (HTTP):
Connects to cdce.acs006.internap.com  (64.74.126.6:80)

Remove germinal.exe - Powered by Reason Core Security