Patcher.exe

Audition Patcher

Axeso5.com

The executable Patcher.exe has been detected as malware by 7 anti-virus scanners. While running, it connects to the Internet address cdn-68-142-101-7.mia1.llnw.net on port 80 using the HTTP protocol.
Publisher:
Axeso5.com

Product:
Audition Patcher

Version:
2.9

MD5:
a25d829383ca1b2b6a189a0c302ed226

SHA-1:
945c694d737b7f6eb6da88b7f1d0a9219adf592d

SHA-256:
d628bf0549dc7ea9e2cbb67c3a7e4f80c1595b4f8af19a75b9ad40000d6e7249

Scanner detections:
7 / 68

Status:
Malware

Analysis date:
10/15/2018 10:30:35 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.GenericKD.2105475
721

Bitdefender
Trojan.GenericKD.2105475
1.0.20.220

Emsisoft Anti-Malware
Trojan.GenericKD.2105475
8.15.02.13.11

F-Secure
Trojan.GenericKD.2105475
11.2015-13-02_6

G Data
Trojan.GenericKD.2105475
15.2.24

IKARUS anti.virus
Trojan.SuspectCRC
t3scan.1.8.6.0

MicroWorld eScan
Trojan.GenericKD.2105475
16.0.0.132

File size:
495 KB (506,880 bytes)

Product version:
2.9

Copyright:
© 2014, Axeso5.com

Original file name:
Patcher.exe

File type:
Executable application (Win32 EXE)

Language:
Spanish (Argentina)

Common path:
C:\Program Files\axeso\patcher.exe

File PE Metadata
Compilation timestamp:
8/5/2014 9:42:27 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:QTUYjPoqCdo5rK75m0GsJqFeqYgQILHBrbXeYyZ:WHkv5mzsJqFTDLH9K

Entry address:
0x124B30

Entry point:
60, BE, 00, B0, 4A, 00, 8D, BE, 00, 60, F5, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89...
 
[+]

Entropy:
7.9126

Packer / compiler:
UPX 2.90LZMA

Code size:
488 KB (499,712 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ads.axeso5.com  (209.251.184.122:80)

TCP (HTTP):
Connects to cdn-68-142-101-254-mia1.llnw.net  (68.142.101.254:80)

TCP (HTTP):
Connects to edge-star-mini-shv-01-gru2.facebook.com  (31.13.85.36:80)

TCP (HTTP):
Connects to cdn-68-142-101-7.mia1.llnw.net  (68.142.101.7:80)

TCP (HTTP):
Connects to https-69-164-0-0.iad.llnw.net  (69.164.0.0:80)

TCP (HTTP):
Connects to edge-star-mini-shv-02-mia1.facebook.com  (157.240.0.35:80)

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-02-mia1.fbcdn.net  (157.240.0.22:443)

TCP (HTTP):
Connects to cdn-208-111-128-6.lga.llnw.net  (208.111.128.6:80)

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-02-gru2.fbcdn.net  (157.240.12.16:443)

TCP (HTTP):
Connects to https-69-164-0-128.iad.llnw.net  (69.164.0.128:80)

TCP (HTTP):
Connects to cdn-208-111-128-7.lga.llnw.net  (208.111.128.7:80)

TCP (HTTP):
Connects to https-69-28-162-128.lax.llnw.net  (69.28.162.128:80)

TCP (HTTP):
Connects to https-69-28-162-0.lax.llnw.net  (69.28.162.0:80)

TCP (HTTP):
Connects to edge-star-mini-shv-01-eze1.facebook.com  (31.13.94.35:80)

TCP (HTTP):
Connects to edge-star-mini-shv-01-bog1.facebook.com  (157.240.6.35:80)

TCP (HTTP):
Connects to a23-64-165-163.deploy.static.akamaitechnologies.com  (23.64.165.163:80)

TCP (HTTP):

TCP (HTTP):

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-01-gru2.fbcdn.net  (31.13.85.4:443)

TCP (HTTP):
Connects to edge-star-mini-shv-02-gru2.facebook.com  (157.240.12.35:80)

Remove Patcher.exe - Powered by Reason Core Security