xa1e0.exe

BDE MSM Configuration Utility

The executable xa1e0.exe has been detected as malware by 1 anti-virus scanner. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘a3167’. While running, it connects to the Internet address m-prd-req-adcom-mtc-c.evip.aol.com on port 80 using the HTTP protocol.
Publisher:

Product:
BDE MSM Configuration Utility

Description:
File folder

Version:
1.00

MD5:
73314d5c001e02cdbafa25bc261c073c

SHA-1:
0261f41b4126e2ae7ad1b053524d02734a88afb6

SHA-256:
284ba5f3ba01190b3161cd8c3c7a60dceec90d50473408a7f7133665e030578a

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
4/19/2024 9:28:44 PM UTC

Scan engine:
Reason Heuristics

Detection:
Threat.Generic

Engine version:
17.3.5.19

File size:
672 KB (688,128 bytes)

Product version:
1.00

Original file name:
BDEMMCFG

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\windows\xa1e0.exe

File PE Metadata
Compilation timestamp:
1/13/2007 2:22:57 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x304DC

Entry point:
90, 81, FA, E5, 8C, 88, 92, F7, C2, 16, 20, 3D, A1, 40, 8D, 40, 0D, F7, D0, 42, 18, D8, F7, D2, 4A, 48, 40, 86, D4, 68, 4E, 6A, 00, 00, F8, 59, 90, 8D, 97, 07, 83, C8, E0, E9, F8, 02, 00, 00, 00, 65, F1, E9, EC, 3B, 7E, 08, EC, 57, 00, 12, 3F, 5A, 00, 52, 7A, 0F, E2, 00, 9C, D5, 70, 33, 00, 28, 64, 00, 9D, F0, 26, AB, CE, BC, 00, 1E, 6E, 84, 81, 14, 89, 00, 75, AC, 00, E0, B8, 00, 9A, 49, 21, 00, E1, 00, 64, C6, 9F, 7F, 00, 85, 60, EB, 54, 00, 5A, 2A, 27, 37, 00, 4D, 5D, 0D, B8, 00, 76, ED, 94, 9C, 59, 5A...

Entropy:
4.5205

Code size:
192 KB (196,608 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
a3167

Command:
xa1e0.exe

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to oneads-sspums-adtech-scd-blue-b.evip.aol.com  (152.163.20.130:80)

TCP (HTTP):
Connects to adtechus-ads-adtech-mtc-blue-a.evip.aol.com  (152.163.66.131:80)

TCP (HTTP):
Connects to static.117.154.251.148.clients.your-server.de  (148.251.154.117:80)

TCP (HTTP):
Connects to s1-eu.adformnet.akadns.net  (37.157.6.252:80)

TCP (HTTP):
Connects to m-prd-umpxl-shared-mr1-blue-b.evip.aol.com  (152.163.51.3:80)

TCP (HTTP):
Connects to map-e2.pipelane.net  (204.2.197.211:80)

TCP (HTTP):
Connects to ec2-54-175-60-74.compute-1.amazonaws.com  (54.175.60.74:80)

TCP (HTTP):
Connects to ec2-52-202-214-191.compute-1.amazonaws.com  (52.202.214.191:80)

TCP (HTTP):
Connects to ec2-52-0-62-44.compute-1.amazonaws.com  (52.0.62.44:80)

TCP (HTTP):
Connects to ams01-login.dotomi.com  (63.215.202.140:80)

TCP (HTTP):
Connects to a95-101-72-209.deploy.akamaitechnologies.com  (95.101.72.209:80)

TCP (HTTP):
Connects to a72-247-178-155.deploy.akamaitechnologies.com  (72.247.178.155:80)

TCP (HTTP):
Connects to 74-115-4-74.anchorfree.com  (74.115.4.74:80)

TCP (HTTP):
Connects to 46.f7.2bd0.ip4.static.sl-reverse.com  (208.43.247.70:80)

TCP (HTTP):
Connects to 142.202.196.104.bc.googleusercontent.com  (104.196.202.142:80)

TCP (HTTP):
Connects to px-acs001.quantserve.com.akadns.net  (95.172.94.33:80)

TCP (HTTP):
Connects to ec2-52-44-216-143.compute-1.amazonaws.com  (52.44.216.143:80)

TCP (HTTP):
Connects to ec2-184-72-61-238.us-west-1.compute.amazonaws.com  (184.72.61.238:80)

Powered by Reason Core Security