AppManager.exe

Simple Malware Protector

Vapc Lux Sarl

The application AppManager.exe, “SimpleMalwareProtector” by Vapc Lux Sarl, has been detected as a potentially unwanted program by 2 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler, triggered daily at a specified time.
Publisher:
SimpleStar  (signed by Vapc Lux Sarl)

Product:
Simple Malware Protector

Description:
SimpleMalwareProtector

Version:
2.1.1000.21360

MD5:
c7c2c10f5ecf33401909f564081f0b5f

SHA-1:
cb9979d6e2237e5fa0f52932cf56f0af6ba80865

SHA-256:
2f61075524d24837b89503b3723d3fafa62a463a3b9ee6e33b09477387dd5bec

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
11/26/2024 10:16:06 AM UTC

Scan engine | Detection | Engine version
Dr.Web | riskware program Program.Unwanted.1568 | 9.0.1.05190
Reason Heuristics | PUP.SimpleStar (L) | 16.10.17.22

File size:
487.3 KB (498,992 bytes)

Product version:
2.1.1000.21360

Copyright:
Copyright © SimpleStar 2016

Original file name:
AppManager.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\simple malware protector\appmanager.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
2/11/2016 4:11:14 PM

Valid to:
2/10/2017 4:57:32 PM

Subject:
E=Ludovic.trogliero@vapc.lu, CN=Vapc Lux Sarl, O=Vapc Lux Sarl, L=Luxembourg, C=LU

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112130BA28CC6DC89090DD3923776478D67D

File PE Metadata
Compilation timestamp:
10/12/2016 12:06:22 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:jJgeThdNlD3lPOgY8mXUZB9YccBx2h9ZRc969w3cF1pvaki:9VbOwnZB2OhhJ9wsq

Entry address:
0x70ACE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
443 KB (453,632 bytes)

Scheduled Task
Task name:
Simple Malware Protector_ipm

Trigger:
Daily (Runs daily at 11:01)

Description:
Simple Malware Protector_ipm


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to 113-125-232-198.static.unitasglobal.net  (198.232.125.113:80)

TCP (HTTP):
Connects to ec2-52-2-143-52.compute-1.amazonaws.com  (52.2.143.52:80)

TCP (HTTP):
Connects to ec2-34-194-231-165.compute-1.amazonaws.com  (34.194.231.165:80)

TCP (HTTP):
Connects to e4.56.089f.ip4.static.sl-reverse.com  (159.8.86.228:80)

TCP (HTTP SSL):
Connects to bam-8.nr-data.net  (162.247.242.20:443)

TCP (HTTP):
Connects to ec2-54-174-121-249.compute-1.amazonaws.com  (54.174.121.249:80)

TCP (HTTP):
Connects to ec2-52-73-235-184.compute-1.amazonaws.com  (52.73.235.184:80)

TCP (HTTP):
Connects to ec2-54-85-189-79.compute-1.amazonaws.com  (54.85.189.79:80)

TCP (HTTP SSL):
Connects to bam-7.nr-data.net  (162.247.242.19:443)

TCP (HTTP):
