dance.exe

TODO:

Asiasoft Online Pte Ltd

The application dance.exe, “TODO: <File description>” by Asiasoft Online Pte has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.

Publisher:
TODO: <Company name>  (signed by Asiasoft Online Pte Ltd)

Product:
TODO: <Product name>

Description:
TODO: <File description>

Version:
1.0.0.1

MD5:
376b01675db2ffb7a6370380ddaeccab

SHA-1:
3a0aec22ba0ff5464156c368d619a3a8518d0fbf

SHA-256:
02778d18f4a0d12ef87d4384a61dbbaf2a0185e80578c4364e98b4bc0887994f

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
12/27/2024 1:38:01 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
17.1.11.15

File size:
2.5 MB (2,583,616 bytes)

Product version:
1.0.0.1

Copyright:
TODO: (c) <Company name>. All rights reserved.

Original file name:
dance.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
1/9/2017 1:04:42 PM

Valid to:
1/10/2018 1:04:42 PM

Subject:
CN=Asiasoft Online Pte Ltd, O=Asiasoft Online Pte Ltd, L=Singapore, S=Singapore, C=SG

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE

Serial number:
56C5DADA6BE9CF49DAC475C2

File PE Metadata
Compilation timestamp:
3/4/2016 4:40:32 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

Entry address:
0x272A0

Entry point:
55, 8B, EC, 6A, FF, 68, 58, BF, 45, 00, 68, 54, 71, 42, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, C4, 90, 53, 56, 57, 89, 65, E8, B8, 94, 00, 00, 00, E8, 70, D4, FF, FF, 89, 65, 84, 89, 65, E8, 8B, 45, 84, 89, 45, 90, 8B, 4D, 90, C7, 01, 94, 00, 00, 00, 8B, 55, 90, 52, FF, 15, 30, 23, 45, 00, 8B, 45, 90, 8B, 48, 10, 89, 0D, E0, 98, 46, 00, 8B, 55, 90, 8B, 42, 04, A3, EC, 98, 46, 00, 8B, 4D, 90, 8B, 51, 08, 89, 15, F0, 98, 46, 00, 8B, 45, 90, 8B, 48, 0C, 81, E1, FF, 7F, 00, 00, 89, 0D...
 

Entropy:
6.9344

Developed / compiled with:
Microsoft Visual C++

Code size:
324 KB (331,776 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to server1.maxiter.co.uk  (96.30.58.72:80)

TCP (HTTP):
Connects to cpng-r2-b211.time.net.my  (203.121.59.211:80)

TCP (HTTP):
Connects to a184-29-96-218.deploy.static.akamaitechnologies.com  (184.29.96.218:80)

TCP (HTTP):
Connects to 210-86-141-88.static.asianet.co.th  (210.86.141.88:80)
