webfreer.exe

Web Freer

Appaxy Inc.

Publisher:
Appaxy Inc.

Product:
Web Freer

Version:
1.1.1.1(29.0.1547.62)

MD5:
683b3fd2a2ca4130df65ef9fc7458a7f

SHA-1:
fbad1722fc77bdd76b2191cf81c2bc237f07f7a9

SHA-256:
b050e02e7c788427a0fcede608bdc02248a12c1d813eeb6e0a0d36a0d89b7b79

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous); the file is probably malware free.

Analysis date:
10/21/2018 11:21:02 PM UTC

Scan engine        Detection                   Engine version
Baidu Antivirus    Trojan.Win32.WebFreer       4.0.3.1468
ESET NOD32         Win32/WebFreer (variant)    8.9910

File size:
951 KB (973,824 bytes)

Product version:
1.1.1.0(29.0.1547.62)

Copyright:
Copyright (C) 2011 Appaxy Inc. All Rights Reserved.

Original file name:
webfreer.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\webfreer\webfreer.exe

File PE Metadata
Compilation timestamp:
5/27/2014 6:17:34 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:ZldHf7LbLK0D/BS3ExsDRIILpvFFF8dr0YZ3BgV15:F/7TKW/BSJDtLJFFF8dr0YZ3BgV

Entry address:
0x4E311

Entry point:
E8, 10, 95, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 53, 56, 8B, 35, 20, C2, 46, 00, 57, FF, 35, 94, D3, 49, 00, FF, D6, FF, 35, 90, D3, 49, 00, 8B, D8, 89, 5D, FC, FF, D6, 8B, F0, 3B, F3, 0F, 82, 81, 00, 00, 00, 8B, FE, 2B, FB, 8D, 47, 04, 83, F8, 04, 72, 75, 53, E8, 66, 95, 00, 00, 8B, D8, 8D, 47, 04, 59, 3B, D8, 73, 48, B8, 00, 08, 00, 00, 3B, D8, 73, 02, 8B, C3, 03, C3, 3B, C3, 72, 0F, 50, FF, 75, FC, E8, E0, 49, 00, 00, 59, 59, 85, C0, 75, 16, 8D, 43, 10, 3B, C3, 72, 3E, 50, FF, 75, FC, E8...
 

Code size:
424.5 KB (434,688 bytes)

The executing file has been seen to make the following network communications in live environments.


Scan webfreer.exe - Powered by Reason Core Security