home

aa_v3.2.exe

Ammyy Admin

Ammyy LLC

The application aa_v3.2.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The file has been seen being downloaded from nict.co.in. While running, it connects to the Internet address rl.ammyy.com on port 80 using the HTTP protocol.
Publisher:
Ammyy LLC

Product:
Ammyy Admin

Version:
3.2

MD5:
a787078206ae3598d64145b607dc8ce6

SHA-1:
0754494f17e9869dd13903be4d28592c5caee6c6

SHA-256:
9fa7030f3d5a2cec5e88e397fb4b212a1718d50df23fbd203bb0b94ca524b302

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
12/29/2024 12:16:14 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Win32.Generic
16.1.17.14

File size:
724 KB (741,376 bytes)

Product version:
3.2

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\aa_v3.2.exe

File PE Metadata
Compilation timestamp:
6/2/2006 12:38:10 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:P2QKNGp2YPjE0d63iVg5Bfi781Rt1hpGqzdpW9eKVQvTPRpsbS5hEg:PSIp2Ydd6SVcpz1RtXpGadsbSh

Entry address:
0x789BE

Entry point:
55, 8B, EC, 6A, FF, 68, F8, 36, 48, 00, 68, 60, 8B, 47, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 94, F3, 47, 00, 59, 83, 0D, B8, EA, 4A, 00, FF, 83, 0D, BC, EA, 4A, 00, FF, FF, 15, 98, F3, 47, 00, 8B, 0D, A0, EA, 4A, 00, 89, 08, FF, 15, 9C, F3, 47, 00, 8B, 0D, 9C, EA, 4A, 00, 89, 08, A1, A0, F3, 47, 00, 8B, 00, A3, B4, EA, 4A, 00, E8, 72, AA, FA, FF, 39, 1D, D0, 73, 4A, 00, 75, 0C, 68, 8A, 8B, 47, 00, FF, 15, 08, F5...
 
[+]

Entropy:
6.6054

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
504 KB (516,096 bytes)

The file aa_v3.2.exe has been seen being distributed by the following URL.

http://nict.co.in/.../AA_v3.2.exe

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to rl.ammyy.com  (176.56.184.37:80)

TCP (HTTP SSL):
Connects to pacific1385.us.unmetered.com  (209.239.123.75:443)

TCP (HTTP):
Connects to static-ip-173-224-123-242.inaddr.ip-pool.com  (173.224.123.242:80)

Remove aa_v3.2.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.