amigo_adsetup_prdctch.exe

Amigo@Mail.Ru

LLC Mail.Ru

The executable amigo_adsetup_prdctch.exe has been detected as malware by 1 of 68 anti-virus scanners; that single detection is a generic heuristic signature (Win32.Generic), which on its own is weak evidence, so the verdict should be confirmed against the file hashes and the behaviour listed below. The file is a setup program used to install the Amigo@Mail.Ru application and is Authenticode-signed by LLC Mail.Ru. It has been seen being downloaded from dl3.vessoft.com. While running, it connects over HTTP (TCP port 80) to mrds.mail.ru and amigodl.mail.ru.
Publisher:
Mail.Ru  (signed by LLC Mail.Ru)

Product:
Amigo@Mail.Ru

Version:
2.0.0.169

MD5:
90cc9c9834fa3d84847d63e811b4881b

SHA-1:
5fcdc2f1a1d31a72cd846c712d471a02999fe054

SHA-256:
c5f2d957e7d1c16dbe0fd77e5c8817041b6ca133ccc226595779b5256b4d5413

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
1/13/2025 9:13:17 AM UTC

Scan engine:
Reason Heuristics

Detection:
Win32.Generic

Engine version:
17.1.2.13

File size:
392.2 KB (401,640 bytes)

Product version:
2.0.0.169

Copyright:
Copyright 2015

Original file name:
Amigo@Mail.Ru

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\amigo_adsetup_prdctch.exe

Digital Signature
Signed by:
LLC Mail.Ru
Authority:
thawte, Inc.

Valid from:
8/6/2015 4:00:00 AM

Valid to:
10/5/2017 3:59:59 AM

Subject:
CN=LLC Mail.Ru, O=LLC Mail.Ru, L=moscow, S=Moscow, C=RU

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
10F4D809B7AA340870993C0042347814

File PE Metadata
Compilation timestamp:
12/1/2016 7:55:47 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

Entry address:
0xFAA3

Entry point:
E8, 00, 06, 00, 00, E9, 8E, FE, FF, FF, FF, 25, D0, F3, 42, 00, 8B, 4D, F4, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, F2, C3, 8B, 4D, F0, 33, CD, F2, E8, 6B, F6, FF, FF, F2, E9, DA, FF, FF, FF, 8B, 4D, EC, 33, CD, F2, E8, 5A, F6, FF, FF, F2, E9, C9, FF, FF, FF, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, 70, 10, 44, 00, 33, C5, 50, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, F2, C3, 50, 64, FF, 35, 00...

Code size:
181 KB (185,344 bytes)
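The hash, certificate and PE metadata fields above are what an analyst recomputes before trusting a report. The script below is an added example written for this page (not code from the report or from Mail.Ru): it hashes a file body and compares it with the listed MD5/SHA-1/SHA-256, parses the COFF and optional headers to recover the compile timestamp, linker version, OS version, subsystem, entry RVA and code size, resolves the CALL/JMP pair that opens the entry-point dump to target RVAs, and checks that the compile time falls inside the signing certificate's validity window. The sample PE header it builds is constructed from the page's values and is not the real installer; the certificate times are assumed to be UTC.

```python
"""Added example (not from the report or from Mail.Ru): recompute the
hashes, parse the PE header fields the report lists, decode the entry
stub, and check the link time against the certificate window."""
import hashlib
import struct
from datetime import datetime, timezone

# Hash values as listed in the report.
KNOWN_HASHES = {
    "md5": "90cc9c9834fa3d84847d63e811b4881b",
    "sha1": "5fcdc2f1a1d31a72cd846c712d471a02999fe054",
    "sha256": "c5f2d957e7d1c16dbe0fd77e5c8817041b6ca133ccc226595779b5256b4d5413",
}
# First ten bytes of the entry-point dump in the report.
ENTRY_BYTES = bytes.fromhex("E8 00 06 00 00 E9 8E FE FF FF")
# Certificate validity window from the report (assumed UTC).
CERT_NOT_BEFORE = datetime(2015, 8, 6, 4, 0, 0, tzinfo=timezone.utc)
CERT_NOT_AFTER = datetime(2017, 10, 5, 3, 59, 59, tzinfo=timezone.utc)
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def file_hashes(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256 of the file body, keyed like KNOWN_HASHES."""
    return {n: hashlib.new(n, data).hexdigest() for n in KNOWN_HASHES}


def matches_report(data: bytes) -> set:
    """Names of the report hashes that data matches (all or none for a real file)."""
    mine = file_hashes(data)
    return {n for n, v in KNOWN_HASHES.items() if mine[n] == v}


def pe_metadata(data: bytes) -> dict:
    """Parse the COFF header and optional header of a PE32/PE32+ image."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, _, timestamp, _, _, _, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, lnk_major, lnk_minor, size_of_code = struct.unpack_from("<HBBI", data, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    (entry_rva,) = struct.unpack_from("<I", data, opt + 16)
    # From offset 32 onward the PE32 and PE32+ layouts coincide.
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    return {
        "bitness": "Win32" if magic == 0x10B else "Win64",
        "compiled": datetime.fromtimestamp(timestamp, tz=timezone.utc),
        "linker": f"{lnk_major}.{lnk_minor}",
        "os_version": f"{os_major}.{os_minor}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "entry_rva": entry_rva,
        "size_of_code": size_of_code,
    }


def decode_entry_stub(entry_rva: int, code: bytes) -> list:
    """Resolve the leading rel32 CALL (E8) / JMP (E9) pair to target RVAs."""
    out, off = [], 0
    while off + 5 <= len(code) and code[off] in (0xE8, 0xE9):
        (rel,) = struct.unpack_from("<i", code, off + 1)
        out.append(("call" if code[off] == 0xE8 else "jmp", entry_rva + off + 5 + rel))
        off += 5
    return out


def compiled_inside_cert_window(compiled: datetime) -> bool:
    """Without a countersignature, the link time is the only hint of when
    the file was signed; it should fall inside the certificate validity."""
    return CERT_NOT_BEFORE <= compiled <= CERT_NOT_AFTER


def build_sample_pe() -> bytes:
    """Constructed PE32 header carrying the report's metadata values."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                   # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 1480622147, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<HBBI", opt, 0, 0x10B, 14, 0, 185344)  # linker 14.0, SizeOfCode
    struct.pack_into("<I", opt, 16, 0xFAA3)                   # AddressOfEntryPoint
    struct.pack_into("<HH", opt, 40, 5, 1)                    # OS version 5.1
    struct.pack_into("<H", opt, 68, 2)                        # Windows GUI
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    sample = build_sample_pe()
    print(pe_metadata(sample), matches_report(sample))
    print(decode_entry_stub(0xFAA3, ENTRY_BYTES))
```

Run it against the real file by replacing `build_sample_pe()` with the bytes read from disk: `matches_report` should then return all three names, and `pe_metadata` should reproduce the values listed above. A compile time outside the certificate window, or a hash set that only partially matches, is a reason to stop and re-examine the sample rather than rely on the report.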

The file amigo_adsetup_prdctch.exe has been seen being distributed by the following URL.

http://dl3.vessoft.com/files2/a/amigo_windows/54.0.2840.189/.../amigo_adsetup_prdctch.exe

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to mrds.mail.ru  (217.69.139.245:80)

TCP (HTTP):
Connects to amigodl.mail.ru  (94.100.180.106:80)
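The distribution URL and the two observed hosts are the network indicators a responder would sweep logs for. The script below is an added example written for this page (not code from the report or from Mail.Ru): it scans proxy log lines for the listed hostnames, destination IPs and download URL prefix, using exact host comparison so that look-alike names such as a constructed mail.ru.example.net do not match. The log lines and their format are constructed; the path after the version number in the download line is made up because the report elides it.

```python
"""Added example (not from the report or from Mail.Ru): sweep constructed
proxy log lines for the hosts, IPs and download URL the report lists."""
import re
from urllib.parse import urlsplit

# Indicators as listed in the report.
IOC_HOSTS = {"dl3.vessoft.com", "mrds.mail.ru", "amigodl.mail.ru"}
IOC_IPS = {"217.69.139.245", "94.100.180.106"}
IOC_URL_PREFIX = "http://dl3.vessoft.com/files2/a/amigo_windows/"

# Constructed log format: "<timestamp> <client> <dest_ip>:<port> <method> <url>"
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+):(\d+) (\S+) (\S+)$")

# Constructed sample; the "constructed" path segments are placeholders.
SAMPLE_LOG = """\
2025-01-13T09:10:01Z 10.0.0.5 203.0.113.7:443 GET https://www.example.com/
2025-01-13T09:11:44Z 10.0.0.5 198.51.100.9:80 GET http://dl3.vessoft.com/files2/a/amigo_windows/54.0.2840.189/constructed/amigo_adsetup_prdctch.exe
2025-01-13T09:13:17Z 10.0.0.5 217.69.139.245:80 GET http://mrds.mail.ru/constructed
2025-01-13T09:13:18Z 10.0.0.5 94.100.180.106:80 GET http://amigodl.mail.ru/constructed
2025-01-13T09:14:00Z 10.0.0.8 203.0.113.9:80 GET http://mail.ru.example.net/
"""


def match_line(line: str):
    """Return (timestamp, client, reasons) when a line touches an indicator."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, client, dst_ip, _port, _method, url = m.groups()
    host = (urlsplit(url).hostname or "").lower()
    reasons = []
    if host in IOC_HOSTS:          # exact match, so mail.ru.example.net stays clean
        reasons.append("host:" + host)
    if dst_ip in IOC_IPS:          # catches traffic even when the URL host differs
        reasons.append("ip:" + dst_ip)
    if url.startswith(IOC_URL_PREFIX):
        reasons.append("download-url")
    return (ts, client, reasons) if reasons else None


def scan_log(text: str) -> list:
    """All indicator hits in a log, in file order."""
    return [hit for hit in map(match_line, text.splitlines()) if hit]


def clients_by_reason(hits: list) -> dict:
    """Map each client to the sorted set of indicator types it triggered."""
    out = {}
    for _ts, client, reasons in hits:
        out.setdefault(client, set()).update(r.split(":")[0] for r in reasons)
    return {c: sorted(v) for c, v in out.items()}


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(*hit)
    print(clients_by_reason(scan_log(SAMPLE_LOG)))
```

The two mail.ru hosts are the installer's own update traffic, so a hit there shows that this or a related Mail.Ru component ran on the client, while the download-URL hit pins down where the file came from. Confirm any hit by hashing the downloaded file against the values in this report rather than acting on the host match alone.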

Remove amigo_adsetup_prdctch.exe - Powered by Reason Core Security