interhop.exe

Xiaodong Wang

The application interhop.exe by Xiaodong Wang has been flagged as a potentially unwanted program by 1 of 68 anti-malware scanners. A single heuristic detection is a weak signal on its own; treat the file as suspect rather than confirmed malicious until the hashes and signature below have been checked against a local copy. It runs as a Windows service named “InterHop”. While running, it connects over cleartext HTTP (TCP port 80) to CloudFront edge nodes such as server-54-230-51-207.jfk5.r.cloudfront.net; an edge hostname identifies only the CDN node, not the distribution or origin being fetched, so the HTTP Host header and request path are needed to tell what the service actually retrieves.
Publisher:
Xiaodong Wang  (signed and verified)

MD5:
b31a7b5e6b4c566cc3ddc26831c8120e

SHA-1:
827c509748b84a1abb0e81b2d15f367daa18cadc

SHA-256:
93b8ef13e6b86f73da19154fd0f3a62630d3fc713d99a5bb2cff274fa70dd513

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/19/2024 6:47:58 PM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.InterHop (M)

Engine version:
16.9.20.14

File size:
434.2 KB (444,648 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\interhop\interhop.exe

Digital Signature
Signed by:
Xiaodong Wang
Authority:
thawte, Inc.

Valid from:
9/18/2016 2:00:00 AM

Valid to:
8/9/2017 1:59:59 AM (expired; an Authenticode signature made inside this window stays valid after expiry only if it carries a trusted timestamp countersignature, which the report does not show)

Subject:
CN=Xiaodong Wang, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
0A4376BB30B80CD104AC42B125DE050A

File PE Metadata
Compilation timestamp:
9/18/2016 8:36:55 AM

Minimum OS version:
5.1 (Windows XP)

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

CTPH (ssdeep):
12288:ng9K9picjH6D8Z4xMmUF+choF0LtqM5NBq:ng9K9vH6D8ZEY+60P

Entry address:
0xA39C4

Entry point:
9C, C7, 04, 24, BC, 09, 91, 47, 60, 9C, C7, 44, 24, 20, 9A, BB, 3F, EA, 60, 57, C6, 44, 24, 04, 69, 8D, 64, 24, 44, E9, 84, 9B, 05, 00, B9, 32, E0, 98, D6, 72, C4, AE, F0, 7C, 2A, 7A, 28, DA, 78, 80, EA, 88, 5E, 86, 50, 8A, 58, E1, 29, 4E, 5F, 25, F7, 95, C2, 68, E2, 0E, 5C, D0, 2E, 78, 80, 9E, BF, D3, 47, E1, 60, AE, DB, 78, D6, 4E, F8, 32, 2C, BA, 95, D3, 33, 8E, F0, 68, 17, 6B, 05, E1, A8, 54, E6, F8, 2A, 94, 42, F3, 43, 70, 7B, 9E, D9, 11, 36, FE, 60, EE, 95, DD, 93, 53, 35, A8, B5, FD, 04, 16, E6, 88...
 
Code size:
274.5 KB (281,088 bytes)
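The hashes and PE header fields above are the first things to re-derive locally before trusting a third-party report. The following is an added example, not code from the page or from Reason Core Security: it computes the three digests and compares them with the report's values, and parses the PE32 headers for the same fields the report lists (compile timestamp, linker version, minimum OS version, subsystem, entry RVA, code size, first entry-point bytes). Because the real binary is not available here, build_sample_pe() constructs a small PE32 image that carries the report's header values; the section names .text and .stub, the image layout, and the helper names parse_pe/check_hashes/digests are assumptions for the illustration. Two things are worth a look during triage: the report's first entry bytes, 9C C7 04 24, decode to pushfd followed by mov dword [esp], imm32, which is not the call/jmp startup stub a linker-11.0 MSVC CRT entry point typically begins with, and the entry RVA (0xA39C4) lies far beyond the reported code size (281,088 bytes), so the entry point is probably not in the main code section.

```python
"""Re-derive a PE scan report's file hashes and PE header fields locally.

Added example, not code from the page or from Reason Core Security. The real
interhop.exe is not available here, so build_sample_pe() constructs a small
PE32 image carrying the report's header values (section names, layout and
padding are assumptions); run parse_pe()/check_hashes() on the real file bytes
to compare with the report.
"""
import hashlib
import struct
from datetime import datetime, timezone

SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows Console"}


def digests(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256 hex digests, the three values the report lists."""
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}


def check_hashes(data: bytes, expected: dict) -> dict:
    """True/False per algorithm; any False means this is not the analysed file."""
    actual = digests(data)
    return {n: actual[n] == v.lower() for n, v in expected.items()}


def rva_to_offset(sections, rva: int) -> int:
    """Map an RVA to a file offset through the section table."""
    for s in sections:
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["rsize"]):
            return rva - s["va"] + s["raw"]
    raise ValueError("RVA 0x%X is not backed by any section" % rva)


def parse_pe(data: bytes, entry_bytes: int = 16) -> dict:
    """Extract the header fields a scan report shows (PE32 only, i.e. Win32)."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    pe = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = pe + 4
    machine, nsec, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, lnk_major, lnk_minor = struct.unpack_from("<HBB", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 (magic 0x10b) is handled")
    code_size, _, _, entry = struct.unpack_from("<IIII", data, opt + 4)
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    sections = []
    for i in range(nsec):
        name, vsize, va, rsize, raw = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode(), "vsize": vsize,
                         "va": va, "rsize": rsize, "raw": raw})
    ep = rva_to_offset(sections, entry)
    return {
        "machine": hex(machine),
        "compiled": datetime.fromtimestamp(stamp, timezone.utc).isoformat(),
        "linker": "%d.%d" % (lnk_major, lnk_minor),
        "os_version": "%d.%d" % (os_major, os_minor),
        "subsystem": SUBSYSTEMS.get(subsystem, "unknown (%d)" % subsystem),
        "entry_rva": entry,
        "code_size": code_size,
        "sections": [s["name"] for s in sections],
        "entry_bytes": data[ep:ep + entry_bytes].hex(" ").upper(),
    }


def build_sample_pe() -> bytes:
    """Constructed PE32 with the report's values: compiled 2016-09-18 08:36:55 UTC,
    linker 11.0, min OS 5.1, console subsystem, entry 0xA39C4, code size 281088.
    The entry RVA lies outside .text, so a second section (.stub, assumed) backs it;
    its first bytes are the report's 9C C7 04 24 (pushfd; mov dword [esp], imm32)."""
    stamp = int(datetime(2016, 9, 18, 8, 36, 55, tzinfo=timezone.utc).timestamp())
    entry, code_size = 0xA39C4, 281088
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)      # e_lfanew -> 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, stamp, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<HBB", opt, 0, 0x10B, 11, 0)              # PE32, linker 11.0
    struct.pack_into("<IIII", opt, 4, code_size, 0, 0, entry)
    struct.pack_into("<III", opt, 28, 0x400000, 0x1000, 0x200)  # ImageBase, alignments
    struct.pack_into("<HH", opt, 40, 5, 1)                      # min OS 5.1 (Windows XP)
    struct.pack_into("<HH", opt, 48, 5, 1)                      # subsystem version
    struct.pack_into("<II", opt, 56, 0xA4000, 0x400)            # SizeOfImage, SizeOfHeaders
    struct.pack_into("<H", opt, 68, 3)                          # IMAGE_SUBSYSTEM_WINDOWS_CUI

    def section(name, va, vsize, raw, rsize, flags):
        return struct.pack("<8sIIIIIIHHI", name, vsize, va, rsize, raw, 0, 0, 0, 0, flags)

    secs = (section(b".text", 0x1000, code_size, 0x400, 0x200, 0x60000020) +
            section(b".stub", 0xA3000, 0x1000, 0x600, 0x1000, 0xE0000020))
    img = bytearray(0x1600)
    hdr = dos + coff + bytes(opt) + secs
    img[:len(hdr)] = hdr
    ep = entry - 0xA3000 + 0x600                                # file offset of the entry stub
    img[ep:ep + 4] = bytes.fromhex("9CC70424")
    return bytes(img)


if __name__ == "__main__":
    sample = build_sample_pe()
    for k, v in parse_pe(sample).items():
        print("%-12s %s" % (k, v))
    print(check_hashes(sample, {"md5": digests(sample)["md5"]}))
```

Against a real copy, read the file bytes and pass the report's MD5/SHA-1/SHA-256 strings to check_hashes(); a mismatch on any of them means the local file is not the one the report analysed, and the remaining fields should not be compared. parse_pe() handles PE32 only, which is all a Win32 report needs.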

Service
Display name:
InterHop

Type:
Win32OwnProcess, InteractiveProcess (SERVICE_WIN32_OWN_PROCESS | SERVICE_INTERACTIVE_PROCESS = 0x110; the interactive flag lets a LocalSystem service put UI on the console desktop, something session 0 isolation has largely blocked since Windows Vista, so it is a legacy setting worth noting)


The executing file has been observed making the following network connections in live environments. Every destination is a CloudFront edge node; the reverse-DNS name identifies the CDN node, not the distribution or origin behind it, and because the traffic is cleartext HTTP on port 80, the Host header and request path that would identify the origin are visible in a packet capture.

TCP (HTTP):
Connects to server-54-230-206-86.atl50.r.cloudfront.net  (54.230.206.86:80)

TCP (HTTP):
Connects to server-54-230-141-27.sfo5.r.cloudfront.net  (54.230.141.27:80)

TCP (HTTP):
Connects to server-54-230-95-237.fra2.r.cloudfront.net  (54.230.95.237:80)

TCP (HTTP):
Connects to server-54-192-230-18.waw50.r.cloudfront.net  (54.192.230.18:80)

TCP (HTTP):
Connects to server-54-192-230-75.waw50.r.cloudfront.net  (54.192.230.75:80)

TCP (HTTP):
Connects to server-54-230-51-40.jfk5.r.cloudfront.net  (54.230.51.40:80)

TCP (HTTP):
Connects to server-54-230-51-207.jfk5.r.cloudfront.net  (54.230.51.207:80)

TCP (HTTP):
Connects to server-54-230-81-221.mia50.r.cloudfront.net  (54.230.81.221:80)

TCP (HTTP):
Connects to server-54-230-141-52.sfo5.r.cloudfront.net  (54.230.141.52:80)

TCP (HTTP):
Connects to server-54-230-141-29.sfo5.r.cloudfront.net  (54.230.141.29:80)

TCP (HTTP):
Connects to server-54-192-36-114.jfk1.r.cloudfront.net  (54.192.36.114:80)

TCP (HTTP):
Connects to server-54-192-230-46.waw50.r.cloudfront.net  (54.192.230.46:80)

TCP (HTTP):
Connects to server-54-192-230-13.waw50.r.cloudfront.net  (54.192.230.13:80)

TCP (HTTP):
Connects to server-52-84-33-77.ewr50.r.cloudfront.net  (52.84.33.77:80)

TCP (HTTP):
Connects to server-52-84-33-52.ewr50.r.cloudfront.net  (52.84.33.52:80)

TCP (HTTP):
Connects to server-52-84-33-196.ewr50.r.cloudfront.net  (52.84.33.196:80)

TCP (HTTP):
Connects to server-54-192-230-28.waw50.r.cloudfront.net  (54.192.230.28:80)

TCP (HTTP):
Connects to server-54-192-230-178.waw50.r.cloudfront.net  (54.192.230.178:80)

TCP (HTTP):
Connects to server-54-192-203-170.fra50.r.cloudfront.net  (54.192.203.170:80)

TCP (HTTP):
Connects to server-52-84-33-110.ewr50.r.cloudfront.net  (52.84.33.110:80)
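To turn the list above into a detection, match the report's IOCs against endpoint network-connection events, but weight them correctly: every address is a shared CloudFront edge node, so an IP or hostname hit by itself is weak evidence, while the same hit from the reported image path is strong. The block below is an added example, not from the page or from Reason Core Security. The four events are constructed in a Sysmon Event ID 3 style (key=value fields joined by "|"); the Firefox and svchost events, the C:\Users\Public path and the 203.0.113.10 address are made-up illustrations. It also checks that the IP embedded in a CloudFront edge PTR name (server-A-B-C-D.pop.r.cloudfront.net, the shape every hostname in the report has) agrees with the event's destination IP.

```python
"""Match the report's network IOCs against endpoint connection events.

Added example, not from the page or from Reason Core Security. Events are
constructed here in a Sysmon Event ID 3 style ('Key=Value' fields joined by
'|'); the benign firefox/svchost events, the C:\\Users\\Public path and the
203.0.113.10 address are illustrations. CloudFront edge addresses are shared
by many distributions, so a destination hit without process context is
deliberately scored as weak.
"""
import re

# The 20 destination addresses from the report's network-communications list.
REPORT_IPS = frozenset("""
54.230.206.86 54.230.141.27 54.230.95.237 54.192.230.18 54.192.230.75
54.230.51.40 54.230.51.207 54.230.81.221 54.230.141.52 54.230.141.29
54.192.36.114 54.192.230.46 54.192.230.13 52.84.33.77 52.84.33.52
52.84.33.196 54.192.230.28 54.192.230.178 54.192.203.170 52.84.33.110
""".split())
REPORT_IMAGE = r"c:\program files\interhop\interhop.exe"   # report's common path
REPORT_NAME = "interhop.exe"

# CloudFront edge PTR names embed the node's IPv4: server-A-B-C-D.<pop>.r.cloudfront.net
CF_PTR = re.compile(
    r"^server-(\d{1,3})-(\d{1,3})-(\d{1,3})-(\d{1,3})\.[a-z0-9-]+\.r\.cloudfront\.net$")


def cloudfront_ptr_ip(hostname: str):
    """Return the IPv4 encoded in a CloudFront edge PTR name, else None."""
    m = CF_PTR.match(hostname.strip().lower())
    return ".".join(m.groups()) if m else None


def parse_event(line: str) -> dict:
    """Parse one constructed 'Key=Value|Key=Value' network-connect event."""
    return dict(f.split("=", 1) for f in line.strip().split("|"))


def classify(event: dict) -> dict:
    """Combine process context with destination IOCs before deciding."""
    image = event.get("Image", "").lower()
    ip = event.get("DestinationIp", "")
    reasons = []
    if image == REPORT_IMAGE:
        reasons.append("image_path")                # exact path from the report
    elif image.rsplit("\\", 1)[-1] == REPORT_NAME:
        reasons.append("image_name")                # same binary name, other location
    if ip in REPORT_IPS:
        reasons.append("ioc_ip")
    ptr_ip = cloudfront_ptr_ip(event.get("DestinationHostname", ""))
    if ptr_ip is not None:
        reasons.append("cloudfront_edge")
        if ptr_ip != ip:                            # PTR name and IP disagree: odd record
            reasons.append("ptr_ip_mismatch")
    if event.get("DestinationPort") == "80":
        reasons.append("cleartext_http")
    image_hit = "image_path" in reasons or "image_name" in reasons
    net_hit = "ioc_ip" in reasons or "cloudfront_edge" in reasons
    if image_hit and net_hit:
        verdict = "alert"
    elif image_hit:
        verdict = "investigate"
    elif net_hit:
        verdict = "weak"        # shared CDN edge; legitimate software uses the same nodes
    else:
        verdict = "ignore"
    return {"image": event.get("Image", ""), "verdict": verdict, "reasons": reasons}


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    r"Image=C:\Program Files\interhop\interhop.exe|DestinationIp=54.230.51.207|DestinationPort=80|DestinationHostname=server-54-230-51-207.jfk5.r.cloudfront.net",
    r"Image=C:\Program Files\Mozilla Firefox\firefox.exe|DestinationIp=54.230.51.207|DestinationPort=443|DestinationHostname=server-54-230-51-207.jfk5.r.cloudfront.net",
    r"Image=C:\Users\Public\interhop.exe|DestinationIp=203.0.113.10|DestinationPort=80|DestinationHostname=-",
    r"Image=C:\Windows\System32\svchost.exe|DestinationIp=52.84.33.77|DestinationPort=80|DestinationHostname=server-52-84-33-77.ewr50.r.cloudfront.net",
]


def run(lines) -> list:
    """Classify a batch of events; returns one verdict record per line."""
    return [classify(parse_event(l)) for l in lines]


if __name__ == "__main__":
    for r in run(SAMPLE_EVENTS):
        print("%-12s %-48s %s" % (r["verdict"], r["image"], ",".join(r["reasons"])))
```

The verdict ladder is the point: a browser reaching the same CloudFront node gets "weak", the reported path reaching any node in the list gets "alert", and the same binary name running from an unexpected directory with no IOC destination gets "investigate". Pinning a rule to CloudFront IPs alone would page on ordinary CDN traffic across the whole fleet.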

Remove interhop.exe - Powered by Reason Core Security