home

msrncef.exe

AD ROCKS, INC.

The executable msrncef.exe has been detected as malware by 1 anti-virus scanner. While running, it connects to the Internet address unknown.telstraglobal.net on port 443.
Publisher:
AD ROCKS, INC.  (signed and verified)

MD5:
6ac6e9fd4d7eb383395b41db973f4bc3

SHA-1:
bc9ad5af1fa5a23b86006cea50edc35ff81a5079

SHA-256:
e0e73150543cbed7bcac10c41b3300473fc3ebf855339ee79243b07511ed1a25

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
4/25/2024 8:22:41 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP (M)
16.9.16.7

File size:
165.6 KB (169,624 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\rightsnetwork\rightsplugin\data\cefdist\msrncef.exe

Digital Signature
Signed by:
AD ROCKS, INC.

Authority:
thawte, Inc.

Valid from:
6/26/2015 9:00:00 AM

Valid to:
7/23/2017 8:59:59 AM

Subject:
CN="AD ROCKS, INC.", O="AD ROCKS, INC.", L=LAS VEGAS, S=Nevada, C=US

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
42F64A6F5D53B03D0D14A3CBFE1A5169

File PE Metadata
Compilation timestamp:
9/16/2016 12:37:07 PM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
3072:mCBSmTCgkdibCG1uPnJ738/AzVTSYJIpea8pH6spjHSa2Z0e8ElQnqwM6sdz:mRBO1I7MpYJIpjwP1ya2D8EWzM

Entry address:
0x7D2C0

Entry point:
60, BE, 00, 60, 45, 00, 8D, BE, 00, B0, FA, FF, C7, 87, F8, D9, 06, 00, C2, 1B, 2D, FD, 57, EB, 11, 90, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46...
 
[+]

Entropy:
7.9007  (probably packed)

Code size:
160 KB (163,840 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to bam-2.nr-data.net  (50.31.164.166:443)

TCP (HTTP SSL):
Connects to unknown.telstraglobal.net  (210.176.156.25:443)

TCP (HTTP):
Connects to static.45.53.201.138.clients.your-server.de  (138.201.53.45:80)

TCP (HTTP):
Connects to static.69.141.201.138.clients.your-server.de  (138.201.141.69:80)

TCP (HTTP SSL):
Connects to a23-211-96-154.deploy.static.akamaitechnologies.com  (23.211.96.154:443)

TCP (HTTP SSL):
Connects to a23-210-202-185.deploy.static.akamaitechnologies.com  (23.210.202.185:443)

TCP (HTTP SSL):
Connects to a184-31-32-240.deploy.static.akamaitechnologies.com  (184.31.32.240:443)

TCP (HTTP):
Connects to a104-77-40-180.deploy.static.akamaitechnologies.com  (104.77.40.180:80)

TCP (HTTP):
Connects to a104-77-32-137.deploy.static.akamaitechnologies.com  (104.77.32.137:80)

TCP (HTTP SSL):
Connects to a104-77-25-156.deploy.static.akamaitechnologies.com  (104.77.25.156:443)

TCP (HTTP SSL):
Connects to a104-71-162-88.deploy.static.akamaitechnologies.com  (104.71.162.88:443)

TCP (HTTP SSL):
Connects to a104-127-219-134.deploy.static.akamaitechnologies.com  (104.127.219.134:443)

TCP (HTTP SSL):
Connects to a104-127-206-115.deploy.static.akamaitechnologies.com  (104.127.206.115:443)

TCP (HTTP SSL):
Connects to a104-111-209-31.deploy.static.akamaitechnologies.com  (104.111.209.31:443)

TCP (HTTP SSL):
Connects to a104-111-209-189.deploy.static.akamaitechnologies.com  (104.111.209.189:443)

TCP (HTTP SSL):
Connects to a23-210-202-160.deploy.static.akamaitechnologies.com  (23.210.202.160:443)

TCP (HTTP SSL):
Connects to 96.248.178.107.bc.googleusercontent.com  (107.178.248.96:443)

TCP (HTTP SSL):
Connects to 78.bm-nginx-loadbalancer.mgmt.nrt1.adnexus.net  (103.43.91.8:443)

TCP (HTTP SSL):
Connects to 194.14.211.130.bc.googleusercontent.com  (130.211.14.194:443)

TCP (HTTP):
Connects to a23-211-99-91.deploy.static.akamaitechnologies.com  (23.211.99.91:80)

Remove msrncef.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.