» www.applicationsvaultmeta.com
Overview
Analysis
IPs Addresses (6)
Downloads (6)
Network (6)

www.applicationsvaultmeta.com

Domain Information

Server location:

Oregon, United States (US)

ASN:

AS16509 AMAZON-02 - Amazon.com, Inc., US

Root domain:

applicationsvaultmeta.com

Scanner detections:

Detections (67% detected)

Scan engine

Details

Detections

Reason Heuristics

PUP.InstallCore.Installer.Installer (M), PUP.InstallCore.FC.Installer (M)

100.00%

The domain www.applicationsvaultmeta.com has been seen to resolve to the following 6 IP addresses.

ec2-52-24-26-116.us-west-2.compute.amazonaws.com

May 16, 2016

ec2-54-148-57-212.us-west-2.compute.amazonaws.com

May 16, 2016

ec2-54-69-198-37.us-west-2.compute.amazonaws.com

May 16, 2016

ec2-54-69-11-66.us-west-2.compute.amazonaws.com

May 16, 2016

ec2-52-88-159-85.us-west-2.compute.amazonaws.com

May 16, 2016

ec2-52-25-41-73.us-west-2.compute.amazonaws.com

May 16, 2016

File downloads found at URLs served by www.applicationsvaultmeta.com.

0 / 68

http://www.applicationsvaultmeta.com/WVl6OTRQU1V5Um1WV1VYTndNalZsUXlVeVFsQXdhV0U1YkhOTFlWVXpTVGxNYkc1aVRXcE1ha2hUV1RCeFozZFdkRWxWSlRORUptTTlla1ozU1NVeVFrUmxVa2hTV1VOa05raExaRUpZT1ZadGJHa2xNa1ozYmtVeFVXOXlRVTB3VjB3MVdGQlZaMDV1Um5aQ1JXcE1iREp3Y21nbE1rWjZWaVV5UWlVeVFrRkVVbWhLTlRrbE1rSnBRa3N6VkVkdlYwY2xNa0p5YW00MGQwUlBRa3BNTWpsTmNGVkVOaVV5UWtoVldTVXlSa0YwTlNVeVJtVlhVVlZNUTJOTGVFcElRVWRpYWtabldHbHRhV1J4SlRKR0ptUnZkMjVzYjJGa1FYTTljM1Z3WlhKZmJXRnlhVzlmWW5KdmMxOHpMbVY0WlNabVlXeHNZbUZqYTE5MWNtdzlhSFIwY0NVelFTVXlSaVV5Um1kaGJXVm1ZV0p5YVhGMVpTNWpiMjBsTWtaa2JDVXlSbTVsY3lVeVJuTjFjR1Z5WDIxaGNtbHZYMkp5YjNOZk15NWxlR1U9 (super_mario_bros_3.zip)

1 / 68 (Adware)

http://www.applicationsvaultmeta.com/c?x=/SJrHvQmE9iwlsmEiJZg3mw/oXhMZjxLNPJHDwBbwss=&c=A6nKELDYlNHglDgavqnHfxUYkkgahzRULYAp/namDNbtfOsB0FAqg1qAFu4Yvz7daBtI0LUg7E2iNPbuedKNTMwf3lx9vdLNGSaHwKMKmwihxdYNLW/LQNopSd8lVKo0&downloadAs=snow_brothers.exe&fallback_url=http://gamefabrique.com/dl/.../snow_brothers.exe (b590e244e1948e75cb7b8c8754547c6e)

0 / 68

http://www.applicationsvaultmeta.com/WVl6OTRQWFZzSlRKR2JEWmFiVGMyZVdKb2RTVXlSbnB3SlRKR1dHUlZNbVJVVGpsR1RHUnJUV3RMV2twYVJXSjVjalpzTURRbE0wUW1ZejF5UkU1bVEyVnBURTV4TTNKRlIwbFVKVEpDYlhKM1NuSnRaSEo2WldSTldVUjJWalY0ZW5wUFEybFNaMk56SlRKQ1lVSnFTWGQ1UkhGQlYxSTVaVVppYWsxYUpUSkNibG95YUhkTFpXZHRabUpZU1hVNVNuTkhhR0ozV21GT1NUaDBVamxWWTJFNGRFcFNjREl6UmtKSGJ6SlBPRFF6U0ZsTlNYWnVUM1JqVFc5R2N6SkxKVEpDSm1SdmQyNXNiMkZrUVhNOWMzVndaWEpmYldGeWFXOWZZbkp2Y3k1bGVHVW1abUZzYkdKaFkydGZkWEpzUFdoMGRIQWxNMEVsTWtZbE1rWm5ZVzFsWm1GaWNtbHhkV1V1WTI5dEpUSkdaR3dsTWtadVpYTWxNa1p6ZFhCbGNsOXRZWEpwYjE5aWNtOXpMbVY0WlE9PQ== (super_mario_bros.zip)

1 / 68 (Adware)

http://www.applicationsvaultmeta.com/c?x= Rb2nTQVZN654Lg8KyfOkv ImYcQun8tnyM/pVudmF8=&c=GHUps5VgSHMHNLyM160rR6iksUkorR8Nf bU7h3K0pD6mvvVTuWZOaRAyidRPf NJOIfWTvqNRX0vnPzE8p2301BlGTJobezsIaWIlwqGy3zNfRV0TfogTA1qCIlJGsf&downloadAs=snow_brothers.exe&fallback_url=http://gamefabrique.com/dl/.../snow_brothers.exe (7d579bccf427366ac95197b8631ccd1d)

1 / 68 (Adware)

http://www.applicationsvaultmeta.com/c?x=SPk4JZx9LoICXzoyGufqn4EjKpzAWM9paXyUARWrFEU=&c=blTZQHhMkyGN7B8ibuvT2o4cy/nva7TBO0p7WGtI R4jyw3gFHd0QIMTKebooqwDWFGrduQXpFVks1z3ieIrDroDX35HAJZRuvQHEhYPf5KP 6Nn4A0iJyU4s8MxR9Mr&downloadAs=jungle-book.html&fallback_url=http://.../jungle-book.html (jungle-book.exe)

1 / 68 (Adware)

http://www.applicationsvaultmeta.com/c?x=6XD2OkN800pPE3v00Rcj9my2e50bZFDmzOGIAkLRvig=&c=EQ9XwcpNFQ1oA1/ y fdP UFU23Tm0uO3p7dWAnw0a54vXqLxf7UDpRfOWO1ZcVJoXqGqT6si7mOu4Z1PmPyWNhWtaHXx1IgASTcWKRt5YXV/yDHoXE wPzBIiBaFy1f&downloadAs=sonic_chaos.exe&fallback_url=http://gamefabrique.com/dl/.../sonic_chaos.exe (2c9238c7e0d78fa4e3facdb402d9dba1)

The following 6 files have been seen to comunicate with www.applicationsvaultmeta.com in live environments.

TCP » 52.24.26.116:443

online-guardian-v2.0.9.exe

TCP » 52.24.26.116:443

online-guardian-v2.0.9.exe

TCP » 52.24.26.116:443

rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.24.26.116:443

036629fbd4864725737a8ba8fe7e8cd6.exe

TCP » 52.24.26.116:443

rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.24.26.116:443

Proxomitron.exe (Proxomitron by Groom-A-Zebu (tm))

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.