testnextversion.exe

I7QL95VL@

I7Q

The application testnextversion.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
I7Q

Product:
I7QL95VL@

Description:
I7

Version:
1.0.8.1

MD5:
ef314258ced0f47a80f2a08905048e93

SHA-1:
acc6eb11b632339a6f682b18c936e37866fd70e9

SHA-256:
05fe1efc0e169f402af7aac278824b833a53c5e525fe0f6dcfe60480b94da324

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
6/16/2024 8:19:29 AM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.Eorezo.TNV (M)

Engine version:
17.3.7.9

File size:
3.4 MB (3,561,984 bytes)

Product version:
1.0.8.1

Copyright:
Copyright © 8863

Original file name:
NonApplicable.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\testnextversion.exe

File PE Metadata
Compilation timestamp:
3/7/2017 2:13:55 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
48.0

.NET CLR dependent:
Yes

Entry address:
0x32EA5A

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
6.3058

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
3.2 MB (3,329,024 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to dwl0.wizzlabs.com  (94.23.252.37:80)

TCP (HTTP):
Connects to s3-1.amazonaws.com  (54.231.50.60:80)

TCP (HTTP):
Connects to mess2.wizzlabs.com  (176.31.107.87:80)

TCP (HTTP):
Connects to dwl1.wizzlabs.com  (46.105.121.115:80)
