uvconverter.exe

TODO:

TODO: <Company name>

It runs as a Windows service named “Convxxxx”.
Publisher:
TODO:

Product:
TODO: <Product name>

Description:
TODO: <File description>

Version:
1.0.0.1

MD5:
f8182f06e5a326b7050344ac2c2968b8

SHA-1:
7ea675c53c01ce6a8a38ff59285be3134c9d605e

SHA-256:
d04aa2fb4bc871558ea967569da60227c3386be34e5b77896fd1f44c8007827c

Scanner detections:
1 / 68

Status:
Inconclusive (not enough data for an accurate detection)

Analysis date:
12/13/2018 3:17:42 AM UTC

Scan engine:
ESET NOD32

Detection:
Win32/Adware.ELEX.BY application

Engine version:
6.3.12010.0

File size:
369 KB (377,856 bytes)

Product version:
1.0.0.1

Copyright:
Copyright (C) 2017

Original file name:
UvConver.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese

Common path:
C:\users\{user}\appdata\roaming\gadgj\uvconverter.exe

File PE Metadata
Compilation timestamp:
1/19/2017 11:56:42 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

Entry address:
0x23C66

Entry point:
E8, 20, 96, 00, 00, E9, 7B, FE, FF, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A1, 20, F3, 44, 00, 33, C5, 89, 45, FC, 83, 7D, 08, FF, 57, 74, 09, FF, 75, 08, E8, A9, 5F, 00, 00, 59, 83, A5, E0, FC, FF, FF, 00, 6A, 4C, 8D, 85, E4, FC, FF, FF, 6A, 00, 50, E8, 36, 70, 00, 00, 8D, 85, E0, FC, FF, FF, 89, 85, D8, FC, FF, FF, 8D, 85, 30, FD, FF, FF, 83, C4, 0C, 89, 85, DC, FC, FF, FF, 89, 85, E0, FD, FF, FF, 89, 8D, DC, FD, FF, FF, 89, 95, D8, FD, FF, FF, 89, 9D, D4, FD, FF, FF, 89, B5, D0, FD, FF, FF, 89, BD, CC...

Code size:
254.5 KB (260,608 bytes)

Service
Display name:
Convxxxx

Type:
Win32OwnProcess, InteractiveProcess


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server-52-85-83-245.lax1.r.cloudfront.net  (52.85.83.245:80)

TCP (HTTP):
Connects to server-54-239-132-228.sfo9.r.cloudfront.net  (54.239.132.228:80)

TCP (HTTP):
Connects to server-52-85-83-101.lax1.r.cloudfront.net  (52.85.83.101:80)

TCP (HTTP):
Connects to server-52-85-83-105.lax1.r.cloudfront.net  (52.85.83.105:80)

TCP (HTTP):
Connects to server-52-85-83-118.lax1.r.cloudfront.net  (52.85.83.118:80)

TCP (HTTP):
Connects to server-52-84-246-47.sfo20.r.cloudfront.net  (52.84.246.47:80)

TCP (HTTP):
Connects to server-52-84-246-153.sfo20.r.cloudfront.net  (52.84.246.153:80)

TCP (HTTP):
Connects to server-52-84-246-26.sfo20.r.cloudfront.net  (52.84.246.26:80)

TCP (HTTP):
Connects to server-54-230-95-238.fra2.r.cloudfront.net  (54.230.95.238:80)

TCP (HTTP):
Connects to server-54-230-95-216.fra2.r.cloudfront.net  (54.230.95.216:80)

TCP (HTTP):
Connects to server-54-230-95-203.fra2.r.cloudfront.net  (54.230.95.203:80)

TCP (HTTP):
Connects to server-52-84-25-153.sea32.r.cloudfront.net  (52.84.25.153:80)

TCP (HTTP):
Connects to server-54-230-96-76.arn1.r.cloudfront.net  (54.230.96.76:80)

TCP (HTTP):
Connects to server-54-230-96-205.arn1.r.cloudfront.net  (54.230.96.205:80)

TCP (HTTP):
Connects to server-54-230-96-104.arn1.r.cloudfront.net  (54.230.96.104:80)

TCP (HTTP):
Connects to server-52-84-25-216.sea32.r.cloudfront.net  (52.84.25.216:80)

TCP (HTTP):
Connects to server-52-84-25-160.sea32.r.cloudfront.net  (52.84.25.160:80)

TCP (HTTP):
Connects to server-54-239-132-245.sfo9.r.cloudfront.net  (54.239.132.245:80)

TCP (HTTP):
Connects to server-54-239-132-138.sfo9.r.cloudfront.net  (54.239.132.138:80)

TCP (HTTP):
Connects to server-54-230-5-122.dfw3.r.cloudfront.net  (54.230.5.122:80)

Scan uvconverter.exe - Powered by Reason Core Security