home

ic-0.69e75b293a052c.exe

Yuanyuan Mei

The application ic-0.69e75b293a052c.exe by Yuanyuan Mei has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address server-54-192-3-42.lhr5.r.cloudfront.net on port 80 using the HTTP protocol.
Publisher:
Yuanyuan Mei  (signed and verified)

MD5:
cd8211c76a65811e225ec283f667845e

SHA-1:
9dfd7c3af9515fe2388131ed6300637a88054768

SHA-256:
b8117a8f49227e7fcebd372aa6ba3e4c17233c7d38584d6b630b248fb3c843aa

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/25/2024 5:57:55 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Elex (M)
17.2.22.12

File size:
415 KB (424,944 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\ic-0.69e75b293a052c.exe

Digital Signature
Signed by:
Yuanyuan Mei

Authority:
thawte, Inc.

Valid from:
1/21/2017 8:00:00 AM

Valid to:
4/21/2017 7:59:59 AM

Subject:
CN=Yuanyuan Mei, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
640C22DC58BD6AF247FF7DDA32BB54EC

File PE Metadata
Compilation timestamp:
2/13/2017 10:37:15 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x9466

Entry point:
E8, 9D, 98, FF, FF, E9, 76, 1E, 00, 00, 56, 8B, F1, 85, F6, 74, 54, 53, 33, DB, 39, 5E, 0C, 74, 0F, 8B, 06, 53, 53, FF, 76, 04, 8B, 40, 28, 03, 46, 04, FF, D0, 57, 8B, 7E, 04, 85, FF, 74, 33, 53, 53, 53, FF, 15, 68, 63, 46, 00, 50, FF, 15, 64, 63, 46, 00, B9, 30, 3B, 46, 00, E8, 47, 0E, 00, 00, 8B, F0, E8, 45, 0E, 00, 00, 8B, D6, 8B, C8, E8, CC, 13, 00, 00, 68, 00, 80, 00, 00, 53, 57, FF, D0, 5F, 5B, 5E, C3, 55, 8B, EC, A1, F0, 9D, 46, 00, 33, 05, 00, 50, 46, 00, 74, 1B, 33, C9, 51, 51, 51, FF, 75, 1C, FF...
 
[+]

Entropy:
7.8321  (probably packed)

Code size:
373 KB (381,952 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-54-192-3-99.lhr5.r.cloudfront.net  (54.192.3.99:80)

TCP (HTTP):
Connects to server-54-192-19-99.iad12.r.cloudfront.net  (54.192.19.99:80)

TCP (HTTP):
Connects to server-52-85-83-68.lax1.r.cloudfront.net  (52.85.83.68:80)

TCP (HTTP):
Connects to server-54-230-81-214.mia50.r.cloudfront.net  (54.230.81.214:80)

TCP (HTTP):
Connects to server-54-192-3-46.lhr5.r.cloudfront.net  (54.192.3.46:80)

TCP (HTTP):
Connects to server-54-192-3-42.lhr5.r.cloudfront.net  (54.192.3.42:80)

TCP (HTTP):
Connects to server-52-85-83-132.lax1.r.cloudfront.net  (52.85.83.132:80)

TCP (HTTP):
Connects to server-52-85-63-20.lhr50.r.cloudfront.net  (52.85.63.20:80)

TCP (HTTP):
Connects to server-52-85-63-171.lhr50.r.cloudfront.net  (52.85.63.171:80)

TCP (HTTP):
Connects to server-54-230-216-47.mrs50.r.cloudfront.net  (54.230.216.47:80)

TCP (HTTP):
Connects to server-54-230-141-59.sfo5.r.cloudfront.net  (54.230.141.59:80)

TCP (HTTP):
Connects to server-54-230-141-35.sfo5.r.cloudfront.net  (54.230.141.35:80)

TCP (HTTP):
Connects to server-54-230-141-34.sfo5.r.cloudfront.net  (54.230.141.34:80)

TCP (HTTP):
Connects to server-54-230-141-127.sfo5.r.cloudfront.net  (54.230.141.127:80)

TCP (HTTP):
Connects to server-52-85-83-128.lax1.r.cloudfront.net  (52.85.83.128:80)

TCP (HTTP):
Connects to server-52-85-133-10.iad53.r.cloudfront.net  (52.85.133.10:80)

TCP (HTTP):
Connects to server-54-230-81-54.mia50.r.cloudfront.net  (54.230.81.54:80)

TCP (HTTP):
Connects to server-52-85-83-140.lax1.r.cloudfront.net  (52.85.83.140:80)

TCP (HTTP):
Connects to server-52-85-83-123.lax1.r.cloudfront.net  (52.85.83.123:80)

TCP (HTTP):
Connects to server-52-85-63-70.lhr50.r.cloudfront.net  (52.85.63.70:80)

Remove ic-0.69e75b293a052c.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.