home

noel.exe

Noel

The application noel.exe has been detected as a potentially unwanted program by 3 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler named 52650766 triggered to execute each time a user logs in. According to AVG, this software downloads additional adware offers during setup. While running, it connects to the Internet address hosted-by.instantdedicated.com on port 80 using the HTTP protocol.
Publisher:
Noel

Product:
Noel

Version:
1.7.9.134

MD5:
90a41e59249fcfe08633956e7b239d3d

SHA-1:
9cfa8ed3530d803d06bdbcb60472796e3939ff1a

SHA-256:
74e43ac94e6141ef46906cb468148eace727d0b5ac8c2e814dce6777289d565b

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
4/20/2024 2:43:57 AM UTC  (today)

Scan engine
Detection
Engine version

AVG
Potentially harmful program Downloader.BJMO
2013.0.4756

ESET NOD32
MSIL/Adware.Dotdo.AP application
6.3.12010.0

Reason Heuristics
Adware.Dotdo.ET (M)
17.3.4.23

File size:
9.5 KB (9,728 bytes)

Product version:
1.7.9.134

Copyright:
Copyright © Noel 2017

Trademarks:
© 2017 Noel

Original file name:
noel.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\noel.exe

File PE Metadata
Compilation timestamp:
2/4/2017 8:09:40 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

Entry address:
0x3BAE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 10, 00, 00, 00, 20, 00, 00, 80, 18, 00, 00, 00, 38, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
4.2699

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
7 KB (7,168 bytes)

Scheduled Task
Task name:
52650766

Trigger:
Logon (Runs on logon)

Description:
5265076652650766


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to 162-254-148-148.static.hvvc.us  (162.254.148.148:80)

TCP (HTTP):
Connects to server-52-84-24-163.sea32.r.cloudfront.net  (52.84.24.163:80)

TCP (HTTP SSL):
Connects to server-52-84-24-160.sea32.r.cloudfront.net  (52.84.24.160:443)

TCP (HTTP):
Connects to ec2-54-70-31-99.us-west-2.compute.amazonaws.com  (54.70.31.99:80)

TCP (HTTP):
Connects to ec2-54-70-172-83.us-west-2.compute.amazonaws.com  (54.70.172.83:80)

TCP (HTTP):
Connects to ec2-54-209-128-123.compute-1.amazonaws.com  (54.209.128.123:80)

TCP (HTTP):
Connects to ec2-54-191-66-51.us-west-2.compute.amazonaws.com  (54.191.66.51:80)

TCP (HTTP):
Connects to ec2-52-9-212-254.us-west-1.compute.amazonaws.com  (52.9.212.254:80)

TCP (HTTP):
Connects to ec2-52-73-204-166.compute-1.amazonaws.com  (52.73.204.166:80)

TCP (HTTP):
Connects to ec2-52-44-29-108.compute-1.amazonaws.com  (52.44.29.108:80)

TCP (HTTP SSL):
Connects to ec2-52-15-39-8.us-east-2.compute.amazonaws.com  (52.15.39.8:443)

TCP (HTTP):
Connects to ec2-34-198-58-174.compute-1.amazonaws.com  (34.198.58.174:80)

TCP (HTTP SSL):
Connects to 57.247.178.107.bc.googleusercontent.com  (107.178.247.57:443)

TCP (HTTP):
Connects to static.hosted-by.miamidedicated.com  (162.222.193.17:80)

TCP (HTTP):
Connects to server-52-84-24-156.sea32.r.cloudfront.net  (52.84.24.156:80)

TCP (HTTP):
Connects to pr-bh.pbp.vip.gq1.yahoo.com  (74.6.34.27:80)

TCP (HTTP):
Connects to ox-173-241-250-143.ca.dc.openx.org  (173.241.250.143:80)

TCP (HTTP):
Connects to mpr1.ngd.vip.gq1.yahoo.com  (216.39.55.12:80)

TCP (HTTP):
Connects to hosted-by.instantdedicated.com  (188.95.50.96:80)

TCP (HTTP):
Connects to ec2-52-8-163-191.us-west-1.compute.amazonaws.com  (52.8.163.191:80)

Remove noel.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.