AdMunch.exe

Ad Muncher

Murray Hurps Software Pty Ltd

The executable AdMunch.exe has been detected as malware by 7 anti-virus scanners. It is a setup program used to install the application. It is set to execute automatically when any user logs into Windows (through the local user Run registry setting) under the name 'Ad Muncher'. The file has been seen being downloaded from www.admuncher.com. While running, it connects to the Internet address 74.113.233.187.df.iaccap.com on port 80 using the HTTP protocol.
Publisher:
Murray Hurps Software Pty Ltd

Product:
Ad Muncher

Version:
4.94.34121 (Free)

MD5:
9fe41c7114e3c1b941562fc0c53f8f8e

SHA-1:
7150b89c85e0cf50fbb902c2a6454d5a2357e8dc

SHA-256:
146fdca5fb83b1a0e9fcafd921a91d4adea9b74311bfd975835259c89bab94d0

Scanner detections:
7 / 68

Status:
Malware

Analysis date:
11/22/2024 10:18:45 PM UTC

Scan engine          | Detection               | Engine version
Baidu Antivirus      | Trojan.Win32.Scar       | 4.0.3.15827
Fortinet FortiGate   | W32/Scar.KTAE!tr        | 10/2/2015
IKARUS anti.virus    | Trojan.Win32.Scar       | t3scan.1.9.5.0
Kaspersky            | Trojan.Win32.Scar       | 15.0.0.543
McAfee               | Artemis!9FE41C7114E3    | 5600.6624
Panda Antivirus      | Generic Suspicious      | 15.10.02.05
Vba32 AntiVirus      | Trojan.Scar             | 3.12.26.4

File size:
541.5 KB (554,496 bytes)

Product version:
4.94.34121 (Free)

Copyright:
Copyright © Murray Hurps Software Pty Ltd

Original file name:
AdMunch.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\ad muncher\admunch.exe

File PE Metadata
Compilation timestamp:
12/7/2026 5:34:11 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:4GTL2veTIH7KaEV+QRYgrbMN4w9MEdcjhVNUmdH2OMQUptwkoSS:4GFT8S+ErbM99MdjlUmHM3w3

Entry address:
0x6B3190

Entry point:
60, BE, 00, 20, A3, 00, 8D, BE, 00, F0, 9C, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, 43, 12, 6B, 00, 57, 83, C3, 04, 53, 68, 8E, 11, 08, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 02, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A...

Code size:
520 KB (532,480 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Ad Muncher

Command:
"C:\Program Files\ad muncher\admunch.exe" \bt
The file AdMunch.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to host-213.158.175.65.tedata.net  (213.158.175.65:80)

TCP (HTTP):
Connects to 74.113.233.187.df.iaccap.com  (74.113.233.187:80)

TCP (HTTP):
Connects to server-54-230-0-91.lhr5.r.cloudfront.net  (54.230.0.91:80)

TCP (HTTP):
Connects to server-54-230-0-223.lhr5.r.cloudfront.net  (54.230.0.223:80)

TCP (HTTP):
Connects to 94.31.29.55.IPYX-077437-ZYO.above.net  (94.31.29.55:80)

TCP (HTTP):
Connects to server-54-230-0-151.lhr5.r.cloudfront.net  (54.230.0.151:80)

TCP (HTTP):
Connects to host-213.158.175.49.tedata.net  (213.158.175.49:80)

TCP:
Connects to wb-in-f188.1e100.net  (66.102.1.188:5228)

TCP (HTTP):
Connects to server-54-230-0-93.lhr5.r.cloudfront.net  (54.230.0.93:80)

TCP (HTTP):
Connects to server-54-230-0-83.lhr5.r.cloudfront.net  (54.230.0.83:80)

TCP (HTTP):
Connects to server-54-230-0-42.lhr5.r.cloudfront.net  (54.230.0.42:80)

TCP (HTTP):
Connects to server-54-192-203-186.fra50.r.cloudfront.net  (54.192.203.186:80)

TCP (HTTP):
Connects to frankfurt-15.cdn77.com  (185.59.220.17:80)

TCP (HTTP):
Connects to ec2-52-19-47-218.eu-west-1.compute.amazonaws.com  (52.19.47.218:80)

TCP (HTTP):
Connects to c05.r9cdn.com  (51.254.42.13:80)

TCP (HTTP):
Connects to 74-115-0-211.anchorfree.com  (74.115.0.211:80)

TCP (HTTP):
Connects to 199-255-211-49.anchorfree.com  (199.255.211.49:80)

Remove AdMunch.exe - Powered by Reason Core Security