home

elegantsoft.ru

Private Person  (Proxy Registrant)

Domain Information

The domain elegantsoft.ru is registered by proxy through REGRU-RU and was originally registered in September of 2014. This domain has been known to host and distribute adware as well as other potentially unwanted software. The hosted server (94.228.218.215) is located in Netherlands which resides on the RIPE Network Coordination Centre network.
Registrar:
REGRU-RU

Server location:
Netherlands (NL)

Create date:
Thursday, September 18, 2014

Expires date:
Sunday, September 18, 2016

ASN:
AS47869 NETROUTING-AS Netrouting,NL

Whois:
1 elegantsoft.ru record

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Alol (M), PUP.Alol.Installer (M)
76.19%

McAfee
Artemis!5CD5C8F1B5D7, Artemis!4FD4197F758E, Artemis!5AD6459C4161, Artemis!429071958094, Artemis!4DED78D0EEEF
23.81%

G Data
Trojan.GenericKD.2794846, Trojan.GenericKD.2835496, Win32.Trojan.Agent.EHIVMW, Win32.Trojan.Agent.UU541Q, Trojan.GenericKD.2868371
23.81%

ESET NOD32
Win32/MediaMagnet.CO potentially unwanted (variant), Win32/Kryptik.EFGU (variant), Win32/Kryptik.ECQO (variant)
19.05%

VIPRE Antivirus
Trojan.Win32.Generic, Adware.Agent
19.05%

Fortinet FortiGate
Riskware/MediaMagnet, W32/Kryptik.EFGU!tr, Adware/Agent
19.05%

AVG
Downloader, Generic, Crypt5
19.05%

Baidu Antivirus
PUA.Win32.MediaMagnet, Adware.Win32.iBryte
19.05%

MicroWorld eScan
Trojan.GenericKD.2794846, Trojan.GenericKD.2835496, Trojan.GenericKD.2868371
14.29%

Bitdefender
Trojan.GenericKD.2794846, Trojan.GenericKD.2835496, Trojan.GenericKD.2868371
14.29%

Emsisoft Anti-Malware
Trojan.GenericKD.2794846, Trojan.GenericKD.2835496, Trojan.GenericKD.2868371
14.29%

F-Secure
Trojan.GenericKD.2794846, Trojan.GenericKD.2835496, Trojan.GenericKD.2868371
14.29%

avast!
Win32:Malware-gen
14.29%

nProtect
Trojan.GenericKD.2794846, Trojan.GenericKD.2835496
9.52%

Arcabit
Trojan.Generic.D2AA55E, Trojan.Generic.D2BC493
9.52%

The domain elegantsoft.ru has been seen to resolve to the following 2 IP addresses.

151.80.243.158
ext1-res.coin32.com
February 28, 2016

94.228.218.215
ip4-94-228-218-215.rdns.netrouting.net
February 28, 2016

File downloads found at URLs served by elegantsoft.ru.

1 / 68      (PUP)
http://elegantsoft.ru/uploads2/.../xx.ProShopper.exe  (798f0461dbc117b2ae1b3cd54aad682b)

16 / 68    (PUP)
http://elegantsoft.ru/uploads2/.../xx.ProShopper.exe  (429071958094dd529d46f4bfa91505e9)

1 / 68      (PUP)
http://elegantsoft.ru/uploads2/.../xx.ProShopper.exe  (633947a118b37953b7ce00b2005c95aa)

1 / 68      (PUP)
http://elegantsoft.ru/uploads2/.../xx.ProShopper.exe  (9df57323ecb9b8ef75046b6bdbca553f)

1 / 68      (PUP)
http://elegantsoft.ru/uploads2/.../xx.ProShopper.exe  (69590e64ce9b908f348b53f4a4fc6236)

15 / 68    (PUP)
http://elegantsoft.ru/libs/core/.../shystaler_sig.dll  (nstaller.dll)

1 / 68      (PUP)
http://elegantsoft.ru/uploads2/.../xx.ProShopper.exe  (f89e94512abac3a74b097e5759f165cc)

13 / 68    (PUP)
http://elegantsoft.ru/uploads2/.../xx.ProShopper.exe  (5ad6459c416190398303c7a9ac04d0dd)

1 / 68      (PUP)
http://elegantsoft.ru/uploads2/.../xx.ProShopper.exe  (629f9ab4a6925b53864fcfe3f99b8251)

1 / 68      (PUP)
http://elegantsoft.ru/uploads2/.../xx.ProShopper.exe  (9f77da0d278141adb6da5ee84a8f7276)

1 / 68      (PUP)
http://elegantsoft.ru/uploads2/.../xx.ProShopper.exe  (a36be74f3ebd26feaebf6e17cc727d05)

1 / 68      (PUP)
http://elegantsoft.ru/uploads2/.../xx.ProShopper.exe  (d007ec37e88fa559e899c5347c3ebcab)

1 / 68      (PUP)
http://elegantsoft.ru/uploads2/.../xx.ProShopper.exe  (98da0525af1cf732cab50792b0305360)

1 / 68      (PUP)
http://elegantsoft.ru/uploads2/.../xx.ProShopper.exe  (9f05c32c38b9a9ff1848d3f6de0380c0)

1 / 68      (PUP)
http://elegantsoft.ru/uploads2/.../xx.ProShopper.exe  (9cfd.tmp.exe)

1 / 68      (PUP)
http://elegantsoft.ru/uploads2/.../xx.ProShopper.exe  (84ec0918b4d73a5730e762b78608524a)

15 / 68    (PUP)
http://elegantsoft.ru/libs/.../shystaler_sig.dll  (nstaller.dll)

1 / 68      (PUP)
http://elegantsoft.ru/uploads2/.../xx.ProShopper.exe  (9438ea0643094b2cc3d50ebb896f59e8)

1 / 68      (PUP)
http://elegantsoft.ru/uploads2/.../xx.ProShopper.exe  (1ac013026618e68f28e749944ab4911e)

1 / 68      (PUP)
http://elegantsoft.ru/uploads2/.../xx.ProShopper.exe  (8de23218dab3aa49a8af245e4a57071f)

9 / 68      (Malware)
http://elegantsoft.ru/libs/.../shystaler_sig.dll  (nstaller.dll)

14 / 68    (PUP)
http://elegantsoft.ru/libs/.../shystaler_sig.dll  (nstaller.dll)

The following 39 files have been seen to comunicate with elegantsoft.ru in live environments.

TCP » 151.80.243.158:80
skin selector v2.1.exe (ModInstall by www.GameModding.net)

TCP » 151.80.243.158:80
dbupdater.exe

TCP » 151.80.243.158:80
163839-nissan-gtr-r35-rocket-bunny-gtasa.exe (ModInstall by www.GameModding.net)

TCP » 151.80.243.158:80
184499-iron-man-gtasa.exe (ModInstall by www.GameModding.net)

TCP » 151.80.243.158:80
162119-colormod-v.3-gtasa.exe (ModInstall by www.GameModding.net)

TCP » 151.80.243.158:80
191550-audi-s4-brktn24-ets2.exe (ModInstall by www.GameModding.net)

TCP » 151.80.243.158:80
dbupdater.exe

TCP » 151.80.243.158:80
7245-porsche-carrera-gt-carbon-gtasa.exe (ModInstall by www.GameModding.net)

TCP » 151.80.243.158:80
139556-wheels-pack-by-vitalik101-gtasa.exe (ModInstall by www.GameModding.net)

TCP » 151.80.243.158:80
144597-gta-v-hud-by-dk22pac-gtasa.exe (ModInstall by www.GameModding.net)

TCP » 151.80.243.158:80
dbupdater.exe

TCP » 151.80.243.158:80
dbupdater.exe

TCP » 151.80.243.158:80
112118-volkswagen-gol-g4-gtasa.exe (ModInstall by www.GameModding.net)

TCP » 151.80.243.158:80
153862-arctic-beta2-map-css.exe (ModInstall by www.GameModding.net)

TCP » 151.80.243.158:80
162741-foxy-iz-five-nights-att-freddys-gtasa.exe (ModInstall by www.GameModding.net)

TCP » 151.80.243.158:80
199105-ford-focus-3-gtasa.exe (ModInstall by www.GameModding.net)

TCP » 151.80.243.158:80
151218-gta-v-hud-v0.925-next-gen-edition-gtasa.exe (ModInstall by www.GameModding.net)

TCP » 151.80.243.158:80
196514-dodge-charger-hellcat-fs2015.exe (ModInstall by www.GameModding.net)

TCP » 151.80.243.158:80
23141-new-hd-roads-gtasa.exe (ModInstall by www.GameModding.net)

TCP » 151.80.243.158:80
90575-honda-cb600f-hornet-2012-gtasa.exe (ModInstall by www.GameModding.net)

 
Latest 20 of 39 files

URL:
http://elegantsoft.ru/

Web server:
nginx

downloadcloud.ru

fastloadmedia.ru

sputnikdistr.ru

360av.ru

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.