ammyy-admin.exe

Calor

Opti-Connector (New Media Holdings Ltd)

The application ammyy-admin.exe, “Calor Setup” by Opti-Connector (New Media Holdings), has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses the installCore installer. The file has been seen being downloaded from www.giftchuckleflash.com and multiple other hosts.
Publisher:

Product:
Calor

Description:
Calor Setup

Version:
4.2.5.4

MD5:
e3da512ef6aab98dd03227884911c013

SHA-1:
19470351f213bc0e35c4c4a898e1826a357d6863

SHA-256:
1aae9936421b324f42a2ace8ff14ef444c799bcef7310b83692a4f519875c0d2

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we consider this file unwanted.

Description:
This is an installer which may bundle legitimate applications with offers for additional third-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, it is not selected by default and is usually overlooked.

Analysis date:
12/26/2024 1:28:19 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.NewMedia.NMH.Bundler (M)

Engine version:
16.6.22.10

File size:
961.5 KB (984,552 bytes)

Product version:
4.3.1

File type:
Executable application (Win32 EXE)

Bundler/Installer:
installCore (using Inno Setup)

Language:
Language Neutral

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
3/14/2016 6:17:28 PM

Valid to:
6/25/2017 2:58:45 PM

Subject:
CN=Opti-Connector (New Media Holdings Ltd), O=Opti-Connector (New Media Holdings Ltd), L=Tel Aviv, C=IL

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121514827CB46F6E7CA11FEEC66DEF15479

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:XciWNIB0HCIMF+5VLeuSYAqRJinEaJ82bWmVoKh:XB4IGHCI9XLAqRJAEaJ89mXh

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...

Entropy:
7.9347

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file ammyy-admin.exe has been seen being distributed by the following 36 URLs.


Remove ammyy-admin.exe - Powered by Reason Core Security