amigo_setup.exe

Amigo@Mail.Ru

LLC Mail.Ru

The executable amigo_setup.exe has been detected as malware by 1 anti-virus scanner. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. The file has been seen being downloaded from amigo.mail.ru. While running, it connects to the Internet address amigodl.mail.ru on port 80 using the HTTP protocol.
Publisher:
Mail.Ru  (signed by LLC Mail.Ru)

Product:
Amigo@Mail.Ru

Version:
2.0.0.174

MD5:
089e6b8aec1d4268e31bc4e199ecc6cf

SHA-1:
17c4bd0bd38f6f2a7a92fe52f3dd9903ff087da0

SHA-256:
6e93d186ebbfd532f2ade95f22747ee4c033dbc63386875437b3080eabd114f3

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
12/26/2024 2:03:34 AM UTC

Scan engine:
Reason Heuristics

Detection:
Win32.Generic

Engine version:
17.2.9.14

File size:
392.5 KB (401,912 bytes)

Product version:
2.0.0.174

Copyright:
Copyright 2015

Original file name:
Amigo@Mail.Ru

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\amigo_setup.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
12/27/2016 2:00:00 AM

Valid to:
12/28/2018 1:59:59 AM

Subject:
CN=LLC Mail.Ru, OU=LLC Mail.Ru, O=LLC Mail.Ru, L=Moscow, S=Moscow, C=RU

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
73AE78A2E7488B911CC4BA3AD48388D3

File PE Metadata
Compilation timestamp:
1/30/2017 4:04:01 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

Entry address:
0xFAA3

Entry point:
E8, 00, 06, 00, 00, E9, 8E, FE, FF, FF, FF, 25, D0, F3, 42, 00, 8B, 4D, F4, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, F2, C3, 8B, 4D, F0, 33, CD, F2, E8, 6B, F6, FF, FF, F2, E9, DA, FF, FF, FF, 8B, 4D, EC, 33, CD, F2, E8, 5A, F6, FF, FF, F2, E9, C9, FF, FF, FF, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, 70, 10, 44, 00, 33, C5, 50, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, F2, C3, 50, 64, FF, 35, 00...

Code size:
181 KB (185,344 bytes)

The file amigo_setup.exe has been seen being distributed by the following URL.

https://amigo.mail.ru/amigo_setup.exe

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to mrds.mail.ru  (217.69.139.245:80)

TCP (HTTP):
Connects to amigodl.mail.ru  (94.100.180.106:80)
