home

parishoners.exe

Parishoners

The application parishoners.exe has been detected as a potentially unwanted program by 2 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler named 2682508 triggered to execute each time a user logs in. While running, it connects to the Internet address cdce.nym011.internap.com on port 80 using the HTTP protocol.
Publisher:
Parishoners

Product:
Parishoners

Version:
1.0.0.0

MD5:
e1dc1748d3479616d7c3488474954483

SHA-1:
53ce360926a88fd55f898364f98cebbc1a6d413d

SHA-256:
ba42355d8422885003911f27ac0d0b54daa270a6a96eea24ee991650b02b983a

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
4/24/2024 8:22:33 AM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
MSIL/Adware.Dotdo.AP application
6.3.12010.0

Reason Heuristics
Adware.Dotdo.ET (M)
17.2.11.23

File size:
11.5 KB (11,776 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © Parishoners 2017

Trademarks:
© 2017 Parishoners

Original file name:
parishoners.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\cueing\parishoners.exe

File PE Metadata
Compilation timestamp:
2/10/2017 10:58:48 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

Entry address:
0x414E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
4.0474

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
8.5 KB (8,704 bytes)

Scheduled Task
Task name:
2682508

Trigger:
Logon (Runs on logon)

Description:
26825082682508


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-54-192-37-129.jfk1.r.cloudfront.net  (54.192.37.129:80)

TCP (HTTP):
Connects to hosted-by.instantdedicated.com  (188.95.50.96:80)

TCP (HTTP):
Connects to static.hosted-by.miamidedicated.com  (162.222.193.17:80)

TCP (HTTP):
Connects to 46.c8.c0ad.ip4.static.sl-reverse.com  (173.192.200.70:80)

TCP (HTTP):
Connects to lb-web.ustream.tv  (199.66.238.211:80)

TCP (HTTP):
Connects to cdce.acs006.internap.com  (64.74.126.6:80)

TCP (HTTP):
Connects to ec2-52-206-147-54.compute-1.amazonaws.com  (52.206.147.54:80)

TCP (HTTP):
Connects to ec2-54-174-121-247.compute-1.amazonaws.com  (54.174.121.247:80)

TCP (HTTP):
Connects to server-54-192-37-85.jfk1.r.cloudfront.net  (54.192.37.85:80)

TCP (HTTP):
Connects to server-54-192-37-7.jfk1.r.cloudfront.net  (54.192.37.7:80)

TCP (HTTP):
Connects to server-54-192-37-227.jfk1.r.cloudfront.net  (54.192.37.227:80)

TCP (HTTP):
Connects to i1-h0-s1011.p1-iad.cdngp.net  (66.114.52.46:80)

TCP (HTTP):
Connects to ec2-52-72-71-183.compute-1.amazonaws.com  (52.72.71.183:80)

TCP (HTTP):
Connects to cdce.nym011.internap.com  (63.251.19.12:80)

TCP (HTTP):
Connects to amung.us  (67.202.94.93:80)

TCP (HTTP):
Connects to server-54-192-37-133.jfk1.r.cloudfront.net  (54.192.37.133:80)

TCP (HTTP):
Connects to server-54-192-37-123.jfk1.r.cloudfront.net  (54.192.37.123:80)

TCP (HTTP):
Connects to server-52-85-94-31.jfk5.r.cloudfront.net  (52.85.94.31:80)

TCP (HTTP):
Connects to server-52-85-133-63.iad53.r.cloudfront.net  (52.85.133.63:80)

TCP (HTTP):
Connects to server-52-85-133-104.iad53.r.cloudfront.net  (52.85.133.104:80)

Remove parishoners.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.