smelled.exe

Smelled

The application smelled.exe has been detected as a potentially unwanted program by 2 anti-malware scanners. It runs as a Windows Task Scheduler task named 41335644, which is triggered each time a user logs in. While running, it connects to the Internet address at.amdgt.com on port 80 using the HTTP protocol.
Publisher:
Smelled

Product:
Smelled

Version:
8.6.9.84

MD5:
e208ede5ccd78f2f17d0816cd7cbdef1

SHA-1:
a2f2849eda2a07897d0c9b97a151528d288d0860

SHA-256:
0bc5c4443cd4607db557855546bd719a6cfc131874f0eb446c57a1d11812d1fb

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
2/14/2017 11:55:06 PM UTC  (ten months ago)

Scan engine | Detection | Engine version
ESET NOD32 | MSIL/Adware.Dotdo.AP application | 6.3.12010.0
Reason Heuristics | Adware.Dotdo.ET (M) | 17.2.14.18

File size:
11.5 KB (11,776 bytes)

Product version:
8.6.9.84

Copyright:
Copyright © Smelled 2017

Trademarks:
© 2017 Smelled

Original file name:
smelled.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\bitterest\smelled.exe

File PE Metadata
Compilation timestamp:
2/13/2017 6:34:50 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

Entry address:
0x422E


Entropy:
3.9517

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
9 KB (9,216 bytes)

Scheduled Task
Task name:
41335644

Trigger:
Logon (Runs on logon)

Description:
4133564441335644


The executing file has been seen to make the following network communications in live environments.

