Remote.exe

Remote

This is a setup program which is used to install the application. The file has been seen being downloaded from bizsl.bc.cdn.bitgravity.com and multiple other hosts.
Publisher:
Remote

Product:
Remote

Description:
Remote Support

Version:
1.1

MD5:
473d4e19499a0c3a49a6b29618207516

SHA-1:
debf68b43d20a1cd0872412571a11a24986aa032

SHA-256:
e185bf60ff052d7572a056f5af194a1319daffe11c57f4d6b250db1f0c1ee4e3

Scanner detections:
4 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
5/5/2024 8:06:16 PM UTC

Scan engine    Detection                      Engine version
Bkav FE        W32.Cloddce.Trojan             1.3.0.4959
McAfee         Artemis!473D4E19499A           5600.6979
Sophos         NP AV Component                4.98
ViRobot        Adware.NPAntiVirus.R.940544    2011.4.7.4223

File size:
918.5 KB (940,544 bytes)

Product version:
1.1

Copyright:
©Remote

Trademarks:
Remote

Original file name:
Remote.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\remote.exe

File PE Metadata
Compilation timestamp:
8/6/2008 12:57:33 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
24576:yOwzs2qIlDH02VTURw1cDgA/F1IVp0xRLLBJm:Lcs2JHRVQRvKkVLj

Entry address:
0x305001

Entry point:
60, E8, 03, 00, 00, 00, E9, EB, 04, 5D, 45, 55, C3, E8, 01, 00, 00, 00, EB, 5D, BB, ED, FF, FF, FF, 03, DD, 81, EB, 00, 50, 30, 00, 83, BD, 22, 04, 00, 00, 00, 89, 9D, 22, 04, 00, 00, 0F, 85, 65, 03, 00, 00, 8D, 85, 2E, 04, 00, 00, 50, FF, 95, 4D, 0F, 00, 00, 89, 85, 26, 04, 00, 00, 8B, F8, 8D, 5D, 5E, 53, 50, FF, 95, 49, 0F, 00, 00, 89, 85, 4D, 05, 00, 00, 8D, 5D, 6B, 53, 57, FF, 95, 49, 0F, 00, 00, 89, 85, 51, 05, 00, 00, 8D, 45, 77, FF, E0, 56, 69, 72, 74, 75, 61, 6C, 41, 6C, 6C, 6F, 63, 00, 56, 69, 72...
Entropy:
7.9858

Packer / compiler:
ASPack v2.12

Code size:
1.9 MB (2,011,136 bytes)

The file Remote.exe has been seen being distributed by the following 3 URLs.

The executing file has been seen to make the following network communications in live environments.

TCP:
Connects to master6.teamviewer.com  (178.77.120.100:5938)

TCP:
Connects to server50604.teamviewer.com  (195.81.195.52:5938)

TCP:
Connects to server26502.teamviewer.com  (94.16.3.141:5938)

TCP:
Connects to server25006.teamviewer.com  (188.172.219.74:5938)

TCP:
Connects to server20602.teamviewer.com  (217.146.13.3:5938)

TCP:
Connects to server20410.teamviewer.com  (37.252.253.62:5938)

TCP:
Connects to server19708.teamviewer.com  (159.122.189.45:5938)

TCP:
Connects to server18902.teamviewer.com  (159.122.90.117:5938)

TCP:
Connects to master8.teamviewer.com  (178.77.120.104:5938)
