home

ic-0.cc7c49476df35.exe

Beijing Caiyunshidai Technology Co., Ltd.

The application ic-0.cc7c49476df35.exe by Beijing Caiyunshidai Technology Co. has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address server-52-85-77-192.lax3.r.cloudfront.net on port 80 using the HTTP protocol.
Publisher:
Beijing Caiyunshidai Technology Co., Ltd.  (signed and verified)

MD5:
e28f6b69cb511778cfb4df970f33acbf

SHA-1:
a12aca056566526e944c021d0b7cc6a94c345d6a

SHA-256:
38f442bea42ba68ef15ad989f355af21f9123e5a10aa8ba5d7e3ef45f390a1d0

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/24/2024 11:02:12 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Reason Heuristics
Adware.ELEX.SpeedSearch (M)
17.2.20.23

File size:
417.5 KB (427,520 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\ic-0.cc7c49476df35.exe

Digital Signature
Signed by:
Beijing Caiyunshidai Technology Co., Ltd.

Authority:
thawte, Inc.

Valid from:
1/20/2017 10:00:00 PM

Valid to:
3/3/2017 8:59:59 PM

Subject:
CN="Beijing Caiyunshidai Technology Co., Ltd.", O="Beijing Caiyunshidai Technology Co., Ltd.", L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
378DEFDD636617682E5EC12F97DFF1D2

File PE Metadata
Compilation timestamp:
2/13/2017 12:20:47 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x260F

Entry point:
E8, 3C, 2B, 00, 00, E9, 8D, 8C, 00, 00, 6A, 10, 68, F0, 3F, 46, 00, E8, 2B, 90, 00, 00, 83, CF, FF, E8, 92, 0E, 00, 00, 8B, D8, 89, 5D, E0, E8, 78, 37, 00, 00, 8B, 73, 68, FF, 75, 08, E8, 34, 91, 00, 00, 59, 89, 45, 08, 3B, 46, 04, 0F, 84, 68, 01, 00, 00, 68, 20, 02, 00, 00, E8, 1E, 79, 00, 00, 59, 8B, D8, 85, DB, 0F, 84, 55, 01, 00, 00, B9, 88, 00, 00, 00, 8B, 45, E0, 8B, 70, 68, 8B, FB, F3, A5, 33, F6, 89, 33, 53, FF, 75, 08, E8, 1C, 34, 00, 00, 59, 59, 8B, F8, 89, 7D, 08, 85, FF, 0F, 85, 07, 01, 00, 00...
 
[+]

Code size:
375.5 KB (384,512 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-52-84-246-234.sfo20.r.cloudfront.net  (52.84.246.234:80)

TCP (HTTP):
Connects to server-52-84-246-215.sfo20.r.cloudfront.net  (52.84.246.215:80)

TCP (HTTP):
Connects to server-54-192-19-224.iad12.r.cloudfront.net  (54.192.19.224:80)

TCP (HTTP):
Connects to server-52-85-83-229.lax1.r.cloudfront.net  (52.85.83.229:80)

TCP (HTTP):
Connects to server-52-85-83-168.lax1.r.cloudfront.net  (52.85.83.168:80)

TCP (HTTP):
Connects to server-52-85-83-132.lax1.r.cloudfront.net  (52.85.83.132:80)

TCP (HTTP):
Connects to server-52-85-77-86.lax3.r.cloudfront.net  (52.85.77.86:80)

TCP (HTTP):
Connects to server-52-84-246-187.sfo20.r.cloudfront.net  (52.84.246.187:80)

TCP (HTTP):
Connects to server-52-84-246-127.sfo20.r.cloudfront.net  (52.84.246.127:80)

TCP (HTTP):
Connects to server-54-230-216-94.mrs50.r.cloudfront.net  (54.230.216.94:80)

TCP (HTTP):
Connects to server-52-84-246-13.sfo20.r.cloudfront.net  (52.84.246.13:80)

TCP (HTTP):
Connects to server-54-230-216-13.mrs50.r.cloudfront.net  (54.230.216.13:80)

TCP (HTTP):
Connects to server-54-230-141-31.sfo5.r.cloudfront.net  (54.230.141.31:80)

TCP (HTTP):
Connects to server-54-192-19-70.iad12.r.cloudfront.net  (54.192.19.70:80)

TCP (HTTP):
Connects to server-54-192-19-32.iad12.r.cloudfront.net  (54.192.19.32:80)

TCP (HTTP):
Connects to server-52-85-83-7.lax1.r.cloudfront.net  (52.85.83.7:80)

TCP (HTTP):
Connects to server-52-85-83-158.lax1.r.cloudfront.net  (52.85.83.158:80)

TCP (HTTP):
Connects to server-52-85-83-128.lax1.r.cloudfront.net  (52.85.83.128:80)

TCP (HTTP):
Connects to server-52-85-83-127.lax1.r.cloudfront.net  (52.85.83.127:80)

TCP (HTTP):
Connects to server-52-85-83-119.lax1.r.cloudfront.net  (52.85.83.119:80)

Remove ic-0.cc7c49476df35.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.