home

ic-0.d4a4cd6d01321.exe

Beijing Caiyunshidai Technology Co., Ltd.

The application ic-0.d4a4cd6d01321.exe by Beijing Caiyunshidai Technology Co. has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address server-52-84-126-59.iad16.r.cloudfront.net on port 80 using the HTTP protocol.
Publisher:
Beijing Caiyunshidai Technology Co., Ltd.  (signed and verified)

MD5:
fc3b232d0846bd266fa9583b69057fca

SHA-1:
5bb733492e3bc2269db2548d9219e89098c3a580

SHA-256:
d1652b8219de77de50393aa44a46950ddb810427ae65f0a36601099451d0e02b

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
5/13/2024 11:28:17 PM UTC  (a few moments ago)

Scan engine
Detection
Engine version

Reason Heuristics
Adware.ELEX.SpeedSearch (M)
17.2.24.20

File size:
409 KB (418,768 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\ic-0.d4a4cd6d01321.exe

Digital Signature
Signed by:
Beijing Caiyunshidai Technology Co., Ltd.

Authority:
thawte, Inc.

Valid from:
1/16/2017 7:00:00 PM

Valid to:
3/3/2017 6:59:59 PM

Subject:
CN="Beijing Caiyunshidai Technology Co., Ltd.", O="Beijing Caiyunshidai Technology Co., Ltd.", L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
5CA1EF4409BED5441078E4EC71840A58

File PE Metadata
Compilation timestamp:
2/13/2017 10:18:44 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x570E

Entry point:
E8, 05, 00, 00, 00, E9, AB, 4C, 00, 00, 55, 8B, EC, 83, EC, 14, 83, 65, F4, 00, 83, 65, F8, 00, A1, 00, 30, 46, 00, 56, 57, BF, 4E, E6, 40, BB, BE, 00, 00, FF, FF, 3B, C7, 74, 0D, 85, C6, 74, 09, F7, D0, A3, 04, 30, 46, 00, EB, 66, 8D, 45, F4, 50, FF, 15, A0, D0, 45, 00, 8B, 45, F8, 33, 45, F4, 89, 45, FC, FF, 15, 64, D0, 45, 00, 31, 45, FC, FF, 15, 9C, D0, 45, 00, 31, 45, FC, 8D, 45, EC, 50, FF, 15, 98, D0, 45, 00, 8B, 4D, F0, 8D, 45, FC, 33, 4D, EC, 33, 4D, FC, 33, C8, 3B, CF, 75, 07, B9, 4F, E6, 40, BB...
 
[+]

Entropy:
7.8452  (probably packed)

Code size:
367.5 KB (376,320 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-52-85-83-168.lax1.r.cloudfront.net  (52.85.83.168:80)

TCP (HTTP):
Connects to server-52-85-77-210.lax3.r.cloudfront.net  (52.85.77.210:80)

TCP (HTTP):
Connects to server-52-85-221-92.cdg50.r.cloudfront.net  (52.85.221.92:80)

TCP (HTTP):
Connects to server-54-192-55-56.jfk6.r.cloudfront.net  (54.192.55.56:80)

TCP (HTTP):
Connects to server-54-192-55-184.jfk6.r.cloudfront.net  (54.192.55.184:80)

TCP (HTTP):
Connects to server-54-192-55-168.jfk6.r.cloudfront.net  (54.192.55.168:80)

TCP (HTTP):
Connects to server-54-192-55-124.jfk6.r.cloudfront.net  (54.192.55.124:80)

TCP (HTTP):
Connects to server-54-192-55-100.jfk6.r.cloudfront.net  (54.192.55.100:80)

TCP (HTTP):
Connects to server-52-85-83-81.lax1.r.cloudfront.net  (52.85.83.81:80)

TCP (HTTP):
Connects to server-52-85-83-127.lax1.r.cloudfront.net  (52.85.83.127:80)

TCP (HTTP):
Connects to server-52-85-77-254.lax3.r.cloudfront.net  (52.85.77.254:80)

TCP (HTTP):
Connects to server-52-85-77-211.lax3.r.cloudfront.net  (52.85.77.211:80)

TCP (HTTP):
Connects to server-52-84-126-59.iad16.r.cloudfront.net  (52.84.126.59:80)

Remove ic-0.d4a4cd6d01321.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.