home

ic-0.411480c6062cdc.exe

Beijing Caiyunshidai Technology Co., Ltd.

The application ic-0.411480c6062cdc.exe by Beijing Caiyunshidai Technology Co. has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address server-54-230-216-229.mrs50.r.cloudfront.net on port 80 using the HTTP protocol.
Publisher:
Beijing Caiyunshidai Technology Co., Ltd.  (signed and verified)

MD5:
736b2e233a556e1619e12cb6f9e7f959

SHA-1:
f29cdcc4d337dc0fb0d399c3d30ebdbdbd92f048

SHA-256:
6e3758af212c6aafbb5c1e5a357d445d28c671a48be05bc6e925805e5b6f3d7f

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
5/14/2024 8:04:18 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Adware.ELEX.SpeedSearch (M)
17.1.23.23

File size:
410.7 KB (420,584 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\ic-0.411480c6062cdc.exe

Digital Signature
Signed by:
Beijing Caiyunshidai Technology Co., Ltd.

Authority:
thawte, Inc.

Valid from:
1/17/2017 2:00:00 AM

Valid to:
3/4/2017 1:59:59 AM

Subject:
CN="Beijing Caiyunshidai Technology Co., Ltd.", O="Beijing Caiyunshidai Technology Co., Ltd.", L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
5CA1EF4409BED5441078E4EC71840A58

File PE Metadata
Compilation timestamp:
1/17/2017 3:52:34 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x32C0

Entry point:
E8, F5, 3D, 00, 00, E9, AD, 92, 00, 00, 55, 8B, EC, 6A, 00, FF, 75, 08, E8, A9, 28, 00, 00, 59, 59, 5D, C3, 55, 8B, EC, 56, 8B, 75, 08, 85, F6, 74, 1B, 6A, E0, 33, D2, 58, F7, F6, 3B, 45, 0C, 73, 0F, E8, 51, 11, 00, 00, C7, 00, 0C, 00, 00, 00, 33, C0, EB, 51, 0F, AF, 75, 0C, 85, F6, 75, 01, 46, 33, C9, 83, FE, E0, 77, 15, 56, 6A, 08, FF, 35, 94, 5E, 46, 00, FF, 15, 58, D0, 45, 00, 8B, C8, 85, C9, 75, 2A, 83, 3D, 90, 5E, 46, 00, 00, 74, 14, 56, E8, CF, DE, FF, FF, 59, 85, C0, 75, D0, 8B, 45, 10, 85, C0, 74...
 
[+]

Entropy:
7.8100  (probably packed)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-54-230-216-229.mrs50.r.cloudfront.net  (54.230.216.229:80)

TCP (HTTP):
Connects to server-54-230-163-68.jax1.r.cloudfront.net  (54.230.163.68:80)

TCP (HTTP):
Connects to server-54-230-163-46.jax1.r.cloudfront.net  (54.230.163.46:80)

TCP (HTTP):
Connects to server-54-230-163-254.jax1.r.cloudfront.net  (54.230.163.254:80)

TCP (HTTP):
Connects to server-54-230-163-240.jax1.r.cloudfront.net  (54.230.163.240:80)

TCP (HTTP):
Connects to server-54-230-163-181.jax1.r.cloudfront.net  (54.230.163.181:80)

TCP (HTTP):
Connects to server-54-230-163-150.jax1.r.cloudfront.net  (54.230.163.150:80)

TCP (HTTP):
Connects to server-54-192-37-48.jfk1.r.cloudfront.net  (54.192.37.48:80)

TCP (HTTP):
Connects to server-54-192-37-210.jfk1.r.cloudfront.net  (54.192.37.210:80)

TCP (HTTP):
Connects to server-54-192-37-100.jfk1.r.cloudfront.net  (54.192.37.100:80)

Remove ic-0.411480c6062cdc.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.