msdt.exe

The executable msdt.exe described on this page has been detected as malware by 16 of 68 anti-virus scanners. The file name is borrowed from the Microsoft Support Diagnostic Tool (msdt.exe), which ships in %SystemRoot%\System32; the sample below was found under the user's roaming AppData directory instead, so the hashes and the path, not the file name, are the indicators to match on.
MD5:
fb1c83fcfe7df5c41161742f92710c05

SHA-1:
71a0271d54b2d81902eea6a68fa7ce2a2ff7c28c

SHA-256:
bfd6addacdb5d4d42c859e3faa4550dc9252759ce670ec92d1ec8d0b0484fd48

Scanner detections:
16 / 68

Status:
Malware

Analysis date:
4/25/2024 8:50:44 PM UTC

Scan engine              Detection                       Engine version
Agnitum Outpost          Trojan.Agent                    7.1.1
AhnLab V3 Security       Trojan/Win64.Necurs             2014.08.31
Avira AntiVirus          TR/ATRAPS.Gen                   7.11.170.44
avast!                   Win32:Kryptik-OEC [Trj]         2014.9-140907
AVG                      Win32/DH                        2015.0.3359
Fortinet FortiGate       W32/Agent.AHRUN!tr              9/7/2014
IKARUS anti.virus        Trojan.ATRAPS                   t3scan.1.7.5.0
Kaspersky                Trojan.Win32.Agent              14.0.0.3290
Malwarebytes             Trojan.Agent                    v2014.09.07.12
McAfee                   Artemis!FB1C83FCFE7D            5600.7015
Panda Antivirus          Trj/Chgt.D                      14.09.07.12
Qihoo 360 Security       Win32/Trojan.c03                1.0.0.1015
SUPERAntiSpyware         Trojan.Agent/Gen-Foreign        10375
Trend Micro House Call   TROJ_GEN.R0CBC0UHT14            7.2.250
Trend Micro              TROJ_GEN.R0CBC0UHT14            10.465.07
VIPRE Antivirus          Trojan.Win32.Generic            32704

Two caveats when reading the table: the engine versions shown date from around 7 September 2014, so these verdicts reflect the signature sets of that time rather than the displayed analysis date, and most names are generic (Agent, Kryptik, ATRAPS, TROJ_GEN) rather than a specific family. McAfee's Artemis!FB1C83FCFE7D is the first twelve hex digits of the file's MD5, i.e. a hash-reputation hit rather than a behavioural signature.

File size:
130.5 KB (133,632 bytes)

File type:
Executable application (Win64 EXE)

Common path (as observed; the genuine msdt.exe lives in %SystemRoot%\System32):
C:\users\{user}\appdata\roaming\microsoft\windows\ieupdate\msdt.exe

File PE Metadata
Compilation timestamp (PE TimeDateStamp; trivially forgeable, so treat as a hint only):
8/23/2004 3:53:57 PM

OS version (minimum OS version from the PE optional header):
5.2 (the Windows Server 2003 / XP x64 generation, consistent with the 2004 build date)

OS bitness:
Win64

Subsystem:
Windows GUI

CTPH (ssdeep):
3072:ibSK0Ib4DA3nuMpcgSyMkfEyF3iXLZvBHUc3A:ib9RbnDWkfEyF3sLZL3

Entry address (AddressOfEntryPoint, an RVA):
0x6B08

Entry point (first bytes at that RVA):
48, 89, 5C, 24, 10, 48, 89, 74, 24, 18, 55, 48, 8D, AC, 24, 50, F8, FF, FF, 48, 81, EC, B0, 08, 00, 00, E8, E9, AB, FF, FF, E8, 08, F8, FF, FF, 84, C0, 0F, 84, FD, 02, 00, 00, 48, 8D, 95, 10, 06, 00, 00, B9, 02, 02, 00, 00, FF, 15, 02, 3B, 01, 00, 85, C0, 0F, 85, E3, 02, 00, 00, 48, 8D, 0D, 53, A8, 01, 00, 33, D2, E8, 6C, 52, 00, 00, 85, C0, 0F, 84, CD, 02, 00, 00, 48, 8D, 35, C5, A5, 01, 00, 41, B8, 04, 01, 00, 00, 33, C9, 48, 8B, D6, FF, 15, E4, 35, 01, 00, 48, 8B, CE, FF, 15, 93, 39, 01, 00, 48, 8D, 0D...

Decoded, these bytes are a standard MSVC x64 prologue (mov [rsp+10h],rbx; mov [rsp+18h],rsi; push rbp; lea rbp,[rsp-7B0h]; sub rsp,8B0h), two direct calls and a test al,al / je, then calls through the import table (FF 15 ...). The first imported call is made with ecx=202h and rdx pointing at a stack buffer and its result is tested for zero; a later one is made with ecx=0, rdx pointing at a global buffer and r8d=104h (MAX_PATH). Those argument patterns are consistent with WSAStartup(MAKEWORD(2,2), &wsaData) and GetModuleFileNameW(NULL, buf, MAX_PATH). That is an inference from the opcodes only: the page does not list the import names.

Code size:
99 KB (101,376 bytes)

Scrnsave
Name:
msdt.exe
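The checks a responder would run on a suspect copy, as an added example (not Reason Core Security's code and not the sample's): compute the three hashes against the values above, flag an msdt.exe that sits outside the system directories (assumption: System32/SysWOW64 for a default install), and walk the PE headers to read AddressOfEntryPoint and the bytes at it for comparison with the entry address and entry-point bytes above. The entry-point prefix is a generic MSVC prologue, so it only counts together with the matching RVA. build_sample_pe() fabricates a minimal PE32+ image so the script runs offline without the real file; that constructed image carries the same entry RVA and bytes but, naturally, does not hash-match.

```python
"""Offline triage of a file named msdt.exe against the indicators in this report.

Added example, not Reason Core Security's code. Assumptions: the genuine
Microsoft Support Diagnostic Tool lives in System32/SysWOW64 (LEGIT_DIRS), and
build_sample_pe() fabricates a minimal PE32+ image purely so the script runs
without the real sample."""
import hashlib
import struct
from pathlib import PureWindowsPath

# Indicators copied from the report above.
IOC_HASHES = {
    "md5": "fb1c83fcfe7df5c41161742f92710c05",
    "sha1": "71a0271d54b2d81902eea6a68fa7ce2a2ff7c28c",
    "sha256": "bfd6addacdb5d4d42c859e3faa4550dc9252759ce670ec92d1ec8d0b0484fd48",
}
IOC_ENTRY_RVA = 0x6B08
# First 26 entry-point bytes from the report: mov [rsp+10h],rbx / mov [rsp+18h],rsi /
# push rbp / lea rbp,[rsp-7B0h] / sub rsp,8B0h. A generic MSVC prologue on its own,
# so it only counts together with the matching RVA.
IOC_ENTRY_BYTES = bytes.fromhex("48895C2410" "4889742418" "55" "488DAC2450F8FFFF" "4881ECB0080000")
LEGIT_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}  # assumption: default install


def file_hashes(data: bytes) -> dict:
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def path_is_suspicious(path: str) -> bool:
    """msdt.exe anywhere other than the system directories (the report's sample sat under %APPDATA%)."""
    p = PureWindowsPath(path)
    return p.name.lower() == "msdt.exe" and str(p.parent).lower() not in LEGIT_DIRS


def pe_entry_point(data: bytes, n: int) -> tuple:
    """Return (AddressOfEntryPoint, first n bytes at it) for a PE32+ image, via the section table."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    _machine, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x20B:
        raise ValueError("not PE32+ (Win64)")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    for i in range(nsections):
        sec = opt + opt_size + 40 * i                    # 40-byte IMAGE_SECTION_HEADER entries
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, sec + 8)
        if vaddr <= entry_rva < vaddr + max(vsize, rawsize):
            off = rawptr + (entry_rva - vaddr)             # RVA -> file offset
            return entry_rva, data[off:off + n]
    raise ValueError("entry point RVA outside every section")


def triage(path: str, data: bytes) -> dict:
    """Combine the three checks; hash_match alone is conclusive, the other two are supporting."""
    hashes = file_hashes(data)
    try:
        rva, head = pe_entry_point(data, len(IOC_ENTRY_BYTES))
        entry_match = rva == IOC_ENTRY_RVA and head == IOC_ENTRY_BYTES
    except (ValueError, struct.error):                     # not a PE, or truncated
        entry_match = False
    return {
        "hash_match": any(hashes[k] == v for k, v in IOC_HASHES.items()),
        "entry_match": entry_match,
        "suspicious_path": path_is_suspicious(path),
        "hashes": hashes,
    }


def build_sample_pe(entry_rva: int, entry_bytes: bytes) -> bytes:
    """Constructed stand-in: a minimal PE32+ with one .text section, NOT the reported file."""
    opt_size, raw_ptr = 240, 0x200
    text_rva = entry_rva & ~0xFFF                           # page-aligned section base
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)      # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, opt_size, 0x22)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B)                   # PE32+ magic
    struct.pack_into("<I", opt, 16, entry_rva)              # AddressOfEntryPoint
    text = b".text\0\0\0" + struct.pack("<IIII", 0x1000, text_rva, 0x1000, raw_ptr) + b"\0" * 16
    img = bytearray((dos + b"PE\0\0" + coff + bytes(opt) + text).ljust(raw_ptr, b"\0")) + bytearray(0x1000)
    off = raw_ptr + (entry_rva - text_rva)
    img[off:off + len(entry_bytes)] = entry_bytes
    return bytes(img)


if __name__ == "__main__":
    sample = build_sample_pe(IOC_ENTRY_RVA, IOC_ENTRY_BYTES)
    print(triage(r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\ieupdate\msdt.exe", sample))
```

Against a real file call triage(path, open(path, "rb").read()); only hash_match is conclusive by itself, entry_match and suspicious_path are supporting evidence for a copy that has been modified or re-signed.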


While executing, the file has been observed making the following network connections in live environments, all outbound TCP to port 80 (plain HTTP). Most of the destinations are advertising networks (pricegrabber, viraladnetwork, mediaplex, btrll, Yahoo ads) or shared CDN and cloud hosting (CloudFront, S3 and EC2, Google's 1e100.net), so the IP addresses are weak blocking indicators on their own and are better used to correlate with the file hash and path above.

TCP (HTTP) destinations (hostname, IP:port):
www.l.pricegrabber.com  (64.19.235.50:80)
unassigned.psychz.net  (23.228.235.163:80)
sulu.viraladnetwork.net  (46.20.227.148:80)
server-54-230-2-198.lhr5.r.cloudfront.net  (54.230.2.198:80)
s3-1.amazonaws.com  (54.231.16.152:80)
private-branded-sto.mediaplex.com  (89.207.18.187:80)
par08s10-in-f25.1e100.net  (74.125.230.249:80)
m8-mp1-cvx1b.lan.ntl.com  (62.252.168.8:80)
m42-mp1-cvx1b.lan.ntl.com  (62.252.168.42:80)
m27-mp1-cvx1b.lan.ntl.com  (62.252.168.27:80)
m24-mp1-cvx1b.lan.ntl.com  (62.252.168.24:80)
lhr08s05-in-f28.1e100.net  (74.125.230.156:80)
img-global.mplx.akadns.net  (89.207.18.181:80)
gd.ads.vip.gq1.yahoo.com  (98.137.170.33:80)
errserv-21.btrll.com  (162.208.21.166:80)
ec2-79-125-26-89.eu-west-1.compute.amazonaws.com  (79.125.26.89:80)
ec2-54-84-134-211.compute-1.amazonaws.com  (54.84.134.211:80)
ec2-54-77-38-162.eu-west-1.compute.amazonaws.com  (54.77.38.162:80)
ec2-54-247-105-52.eu-west-1.compute.amazonaws.com  (54.247.105.52:80)
ec2-54-246-169-172.eu-west-1.compute.amazonaws.com  (54.246.169.172:80)
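Turning the destination list into a hunt, as an added example that is not part of the report: it parses endpoint connection events, scores each one against the reported hosts and IPs together with the process path, and downgrades hits whose only evidence is a shared CDN, cloud or ad host. The log lines are constructed here, loosely modelled on Sysmon event 3 (NetworkConnect) key=value fields; the system-directory check and the shared-suffix list are assumptions of the example, and only REPORT_DESTINATIONS is taken from the page.

```python
"""Hunt for the report's destinations in endpoint network-connection logs.

Added example, not Reason Core Security's code. The log lines are constructed
here, loosely modelled on Sysmon event 3 (NetworkConnect) key=value fields;
only REPORT_DESTINATIONS is taken from the page."""
import re

# (hostname, ip) pairs exactly as listed in the report; every connection was to tcp/80.
REPORT_DESTINATIONS = [
    ("www.l.pricegrabber.com", "64.19.235.50"),
    ("unassigned.psychz.net", "23.228.235.163"),
    ("sulu.viraladnetwork.net", "46.20.227.148"),
    ("server-54-230-2-198.lhr5.r.cloudfront.net", "54.230.2.198"),
    ("s3-1.amazonaws.com", "54.231.16.152"),
    ("private-branded-sto.mediaplex.com", "89.207.18.187"),
    ("par08s10-in-f25.1e100.net", "74.125.230.249"),
    ("m8-mp1-cvx1b.lan.ntl.com", "62.252.168.8"),
    ("m42-mp1-cvx1b.lan.ntl.com", "62.252.168.42"),
    ("m27-mp1-cvx1b.lan.ntl.com", "62.252.168.27"),
    ("m24-mp1-cvx1b.lan.ntl.com", "62.252.168.24"),
    ("lhr08s05-in-f28.1e100.net", "74.125.230.156"),
    ("img-global.mplx.akadns.net", "89.207.18.181"),
    ("gd.ads.vip.gq1.yahoo.com", "98.137.170.33"),
    ("errserv-21.btrll.com", "162.208.21.166"),
    ("ec2-79-125-26-89.eu-west-1.compute.amazonaws.com", "79.125.26.89"),
    ("ec2-54-84-134-211.compute-1.amazonaws.com", "54.84.134.211"),
    ("ec2-54-77-38-162.eu-west-1.compute.amazonaws.com", "54.77.38.162"),
    ("ec2-54-247-105-52.eu-west-1.compute.amazonaws.com", "54.247.105.52"),
    ("ec2-54-246-169-172.eu-west-1.compute.amazonaws.com", "54.246.169.172"),
]
IOC_HOSTS = {h for h, _ in REPORT_DESTINATIONS}
IOC_IPS = {ip for _, ip in REPORT_DESTINATIONS}
# Shared CDN/cloud/ad-serving suffixes present in the list: any browser talks to these,
# so a hit on them alone is weak evidence and is scored "low". (Assumption of the example.)
SHARED_SUFFIXES = ("amazonaws.com", "cloudfront.net", "1e100.net", "akadns.net", "yahoo.com")
SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\syswow64\\")  # assumption: default install

KV = re.compile(r"(\w+)=(\S+)")                              # key=value fields, no spaces in values


def parse_event(line: str) -> dict:
    return dict(KV.findall(line))


def classify(ev: dict):
    """Confidence that one event is this sample calling out, or None if nothing matched."""
    image = ev.get("Image", "").lower()
    image_hit = image.endswith("\\msdt.exe") and not any(d in image for d in SYSTEM_DIRS)
    host = ev.get("DestinationHostname", "").lower()
    dest_hit = ev.get("DestinationIp") in IOC_IPS or host in IOC_HOSTS
    if image_hit and dest_hit:
        return "high"        # rogue msdt.exe reaching a reported destination
    if image_hit or (dest_hit and not host.endswith(SHARED_SUFFIXES)):
        return "medium"      # either signal alone, unless the destination is shared infra
    if dest_hit:
        return "low"         # only a shared CDN/cloud/ad host matched
    return None


def hunt(lines) -> list:
    """Return (confidence, process name, destination ip) for every event that scored."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        conf = classify(ev)
        if conf:
            hits.append((conf, ev.get("Image", "").rsplit("\\", 1)[-1], ev.get("DestinationIp")))
    return hits


SAMPLE_LOG = [  # constructed events, not real telemetry
    r"UtcTime=2024-04-25T20:50:44Z Image=C:\Users\alice\AppData\Roaming\Microsoft\Windows\ieupdate\msdt.exe DestinationIp=64.19.235.50 DestinationPort=80 DestinationHostname=www.l.pricegrabber.com",
    r"UtcTime=2024-04-25T20:50:51Z Image=C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe DestinationIp=54.230.2.198 DestinationPort=80 DestinationHostname=server-54-230-2-198.lhr5.r.cloudfront.net",
    r"UtcTime=2024-04-25T20:51:07Z Image=C:\Windows\System32\msdt.exe DestinationIp=203.0.113.5 DestinationPort=443 DestinationHostname=diag.example.net",
    r"UtcTime=2024-04-25T20:51:30Z Image=C:\Users\bob\AppData\Local\Mozilla\Firefox\firefox.exe DestinationIp=46.20.227.148 DestinationPort=80 DestinationHostname=sulu.viraladnetwork.net",
    r"UtcTime=2024-04-25T20:52:12Z Image=C:\Users\alice\AppData\Roaming\Microsoft\Windows\ieupdate\msdt.exe DestinationIp=203.0.113.9 DestinationPort=80 DestinationHostname=cdn.example.net",
]

if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOG):
        print(hit)
```

The genuine System32 msdt.exe talking to an unlisted host scores nothing, a browser reaching CloudFront scores low, and only the AppData copy reaching a listed destination reaches high; the medium tier is where a rogue msdt.exe contacting infrastructure not on this list, or a non-shared listed host reached by another process, surfaces for manual review.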

Remove msdt.exe - Powered by Reason Core Security