colormedia.exe

ColorMedia.exe

Cart Crunch Israel LTD

The application colormedia.exe by Cart Crunch Israel LTD has been detected as a potentially unwanted program (PUP) by 3 of the 68 anti-malware scanners consulted. It is installed as a Windows service named "ColorMedia" of type Win32OwnProcess, that is, it runs in its own process rather than sharing a service host with other services. While running, it connects over plain HTTP to 77-72-3-1.hosted-at.kloud.co.uk (77.72.3.1) on port 80. Note that the publisher name in the file's version information (Say Media Group LTD) differs from the subject of the code-signing certificate (Cart Crunch Israel LTD), and that the certificate's validity period ended on 10/30/2015.
Publisher:
Say Media Group LTD  (signed by Cart Crunch Israel LTD)

Product:
ColorMedia.exe

Version:
2.3.0.7

MD5:
30154f016e1a24900970179929f3064c

SHA-1:
14da18aa061e91598dcafd78a0ec11410dfaf0ee

SHA-256:
e0fc44e48480dbbb8d4f6264f160a43d90f53beb4a7e7dbfa24400fa27e3beca

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
12/27/2024 7:03:09 AM UTC
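The three hashes above identify the sample, and the Entropy field listed further down under File PE Metadata is what the "(probably packed)" verdict rests on. The following added example, which is not part of the original listing and not code from the file's publisher, shows how a responder recomputes both for a file retrieved from a host and compares them with the listed values. The sample byte strings, the 7.0 bits-per-byte cut-off and the function names are the example's own constructions; the hashes are the ones listed on this page.

```python
import hashlib
import math
from collections import Counter

# Hashes from the listing above (lowercase hex).
LISTED_HASHES = {
    "md5": "30154f016e1a24900970179929f3064c",
    "sha1": "14da18aa061e91598dcafd78a0ec11410dfaf0ee",
    "sha256": "e0fc44e48480dbbb8d4f6264f160a43d90f53beb4a7e7dbfa24400fa27e3beca",
}

# Above roughly this many bits per byte a Win32 executable is almost certainly
# packed or carries a large compressed/encrypted payload; plain compiler output
# lands well below it. The cut-off is a rule of thumb assumed here, not a standard.
PACKED_THRESHOLD = 7.0


def file_hashes(data: bytes) -> dict:
    """MD5, SHA-1 and SHA-256 of one byte string, computed in a single pass."""
    digests = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    view = memoryview(data)
    chunk_size = 1 << 20                      # 1 MiB chunks, same shape as a file read loop
    for offset in range(0, len(view), chunk_size):
        chunk = view[offset:offset + chunk_size]
        for digest in digests.values():
            digest.update(chunk)
    return {name: digest.hexdigest() for name, digest in digests.items()}


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def compare_with_listing(data: bytes, listed: dict = LISTED_HASHES) -> dict:
    """Per-algorithm match against the listed values. Check all three: a
    crafted MD5 collision is feasible, a simultaneous MD5/SHA-1/SHA-256
    collision is not."""
    computed = file_hashes(data)
    return {algo: computed[algo] == listed[algo].lower() for algo in listed}


def triage(data: bytes) -> dict:
    """Summary a responder records before deciding whether to dig further."""
    entropy = shannon_entropy(data)
    matches = compare_with_listing(data)
    return {
        "size": len(data),
        "entropy": round(entropy, 4),
        "probably_packed": entropy >= PACKED_THRESHOLD,
        "matches_listing": all(matches.values()),
        "hash_matches": matches,
    }


# Constructed samples (not the real binary): one that looks packed, one that does not.
SAMPLE_PACKED = bytes(range(256)) * 64       # every byte value equally likely: 8.0 bits/byte
SAMPLE_PLAIN = b"MZ" + b"\x00" * 4096 + b"This program cannot be run in DOS mode." * 20

if __name__ == "__main__":
    for name, sample in (("packed-like", SAMPLE_PACKED), ("plain-like", SAMPLE_PLAIN)):
        print(name, triage(sample))
```

Run it against the actual file by reading the bytes from the Common path listed below and passing them to triage(); a full-file entropy near 8 bits per byte, as listed for this sample, means static string or import inspection will show little until the file is unpacked.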

Scan engine        Detection                  Engine version
Agnitum Outpost    PUA.PicColor               7.1.1
AVG                Generic                    2015.0.3276
Reason Heuristics  PUP.CartCrunchIsrael (M)   16.1.6.15

File size:
1.3 MB (1,413,440 bytes)

Product version:
2.3.0.7

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\ProgramData\piccolor utility\colormedia.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
11/16/2014 6:00:00 PM

Valid to:
10/30/2015 6:59:59 PM

Subject:
CN=Cart Crunch Israel LTD, O=Cart Crunch Israel LTD, L=Givatayim, S=NA, C=IL

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3CA4D07AA5563EEDDF79967BA126C1C1

File PE Metadata
Compilation timestamp:
11/5/2014 10:15:35 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
9.0

CTPH (ssdeep):
24576:8c98qKUTFZBMZoa1r6vGuBapw0ZXoq39sXDGc1HlikYgTpiRx25ksus/qc/rf:8c9rTF/qoa1u5Bap3ZLNsXCSFi9gdiRM

Entry address:
0x3878

Entry point:
E8, AF, 62, 00, 00, E9, A4, FE, FF, FF, 8B, FF, 55, 8B, EC, 5D, E9, 60, 0C, 00, 00, 8B, FF, 56, 6A, 01, 68, 74, E0, 41, 00, 8B, F1, E8, 1A, 10, 00, 00, C7, 06, 20, 83, 41, 00, 8B, C6, 5E, C3, C7, 01, 20, 83, 41, 00, E9, 7F, 10, 00, 00, 8B, FF, 55, 8B, EC, 56, 8B, F1, C7, 06, 20, 83, 41, 00, E8, 6C, 10, 00, 00, F6, 45, 08, 01, 74, 07, 56, E8, B0, FF, FF, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 56, FF, 75, 08, 8B, F1, E8, EB, 0F, 00, 00, C7, 06, 20, 83, 41, 00, 8B, C6, 5E, 5D, C2, 04, 00, 8B...

Entropy:
7.9746  (probably packed)

Code size:
85.5 KB (87,552 bytes)

Service
Display name:
ColorMedia

Description:
Color Media software provider

Type:
Win32OwnProcess

Depends on:
RPCSS


In live environments the executable has been observed making the following network connections.

TCP (HTTP):
Connects to 77-72-3-1.hosted-at.kloud.co.uk  (77.72.3.1:80)

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-01-amt2.fbcdn.net  (31.13.64.21:443)

TCP:
Connects to ee-in-f188.1e100.net  (173.194.65.188:5228)

TCP (HTTP SSL):
Connects to ee-in-f138.1e100.net  (173.194.65.138:443)

TCP (HTTP SSL):
Connects to ec2-50-17-195-149.compute-1.amazonaws.com  (50.17.195.149:443)

TCP (HTTP SSL):
Connects to cache.google.com  (64.15.126.44:443)

TCP (HTTP):
Connects to a95-101-34-57.deploy.akamaitechnologies.com  (95.101.34.57:80)

TCP (HTTP):
Connects to a95-101-34-48.deploy.akamaitechnologies.com  (95.101.34.48:80)

TCP (HTTP):
Connects to 50.97.45.20-static.reverse.softlayer.com  (50.97.45.20:80)

TCP (HTTP):
Connects to 233.245.178.107.bc.googleusercontent.com  (107.178.245.233:80)

TCP (HTTP):
Connects to 208.43.78.130-static.reverse.softlayer.com  (208.43.78.130:80)

TCP (HTTP SSL):
Connects to 2.250.178.107.bc.googleusercontent.com  (107.178.250.2:443)

TCP (HTTP):
Connects to 173.193.251.194-static.reverse.softlayer.com  (173.193.251.194:80)
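Most of the destinations above resolve to shared content-delivery and cloud infrastructure (Akamai, Google's 1e100.net and googleusercontent.com, Facebook's fbcdn.net, Amazon EC2), which countless unrelated programs also contact, so a hit on one of them says little by itself; the kloud.co.uk host singled out in the summary is the only destination that is not obviously shared. The following added example, not part of the original listing, scans constructed firewall log lines against the destinations listed on this page and tags each hit with that distinction. The log format ("timestamp src dst dport proto"), the sample lines and the confidence labels are the example's own assumptions; the IP/port pairs and hostnames are the ones listed above.

```python
import ipaddress
import re
from dataclasses import dataclass

# Destinations from the listing above: (reverse-DNS name, IP, port).
LISTED_DESTINATIONS = [
    ("77-72-3-1.hosted-at.kloud.co.uk", "77.72.3.1", 80),
    ("xx-fbcdn-shv-01-amt2.fbcdn.net", "31.13.64.21", 443),
    ("ee-in-f188.1e100.net", "173.194.65.188", 5228),
    ("ee-in-f138.1e100.net", "173.194.65.138", 443),
    ("ec2-50-17-195-149.compute-1.amazonaws.com", "50.17.195.149", 443),
    ("cache.google.com", "64.15.126.44", 443),
    ("a95-101-34-57.deploy.akamaitechnologies.com", "95.101.34.57", 80),
    ("a95-101-34-48.deploy.akamaitechnologies.com", "95.101.34.48", 80),
    ("50.97.45.20-static.reverse.softlayer.com", "50.97.45.20", 80),
    ("233.245.178.107.bc.googleusercontent.com", "107.178.245.233", 80),
    ("208.43.78.130-static.reverse.softlayer.com", "208.43.78.130", 80),
    ("2.250.178.107.bc.googleusercontent.com", "107.178.250.2", 443),
    ("173.193.251.194-static.reverse.softlayer.com", "173.193.251.194", 80),
]

# Reverse-DNS suffixes of CDN / hyperscaler address space. Traffic to these is
# shared with unrelated software, so a hit is weak evidence on its own.
SHARED_INFRA = (
    ".akamaitechnologies.com", ".1e100.net", ".google.com",
    ".fbcdn.net", ".googleusercontent.com", ".amazonaws.com",
)


def ioc_confidence(hostname: str) -> str:
    """'shared' for known CDN/cloud names, otherwise 'distinctive'. A distinctive
    hit still needs the process on the source host confirmed before acting."""
    return "shared" if hostname.endswith(SHARED_INFRA) else "distinctive"


# Index by (ip, port) so each log row costs one dictionary lookup.
IOC_INDEX = {(ip, port): (host, ioc_confidence(host)) for host, ip, port in LISTED_DESTINATIONS}

# Assumed log layout: "timestamp src dst dport proto"; anything else is skipped.
LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<dport>\d+)\s+(?P<proto>\S+)")


@dataclass
class Hit:
    ts: str
    src: str
    dst: str
    dport: int
    listed_host: str
    confidence: str


def scan_log(lines) -> list:
    """Return one Hit per log row whose destination IP and port are listed."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                       # header, comment or malformed row
        dst, dport = m["dst"], int(m["dport"])
        try:
            ipaddress.ip_address(dst)      # reject hostnames in the dst column
        except ValueError:
            continue
        found = IOC_INDEX.get((dst, dport))
        if found:
            host, confidence = found
            hits.append(Hit(m["ts"], m["src"], dst, dport, host, confidence))
    return hits


# Constructed firewall export (not real traffic).
SAMPLE_LOG = """\
# ts src dst dport proto
2024-12-27T07:03:10Z 10.0.0.5 77.72.3.1 80 TCP
2024-12-27T07:03:11Z 10.0.0.5 95.101.34.57 80 TCP
2024-12-27T07:03:12Z 10.0.0.7 77.72.3.1 443 TCP
2024-12-27T07:03:13Z 10.0.0.9 8.8.8.8 53 UDP
malformed line
""".splitlines()

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"{hit.ts} {hit.src} -> {hit.dst}:{hit.dport} ({hit.listed_host}) [{hit.confidence}]")
```

The match is deliberately on IP and port together, so the constructed row to 77.72.3.1:443 is not reported; matching on IP alone raises recall at the cost of precision, which is the right trade only for the distinctive destinations. Either way, a hit should be followed by confirming the ColorMedia service or the file at the listed Common path on the source host, not treated as proof by itself.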
