www.laboratorybulkpackage.com
Domain Information
Server location: Oregon, United States (US)
ASN: AS16509 AMAZON-02 - Amazon.com, Inc., US
Root domain: laboratorybulkpackage.com
Analysis
Scanner detections:
Detections (80% detected)

| Scan engine | Details | Detections |
|---|---|---|
| Reason Heuristics | (M), PUP.installCore.Purch.Installer (M) | 70.00% |
| Clam AntiVirus | Win.Malware.Agent3850084642/CRDF-1 | 10.00% |
| Avira AntiVirus | W32/Mabezat | 10.00% |
| Trend Micro House Call | TROJ_GEN.F47V1019 | 10.00% |
| F-Prot | W32/Sality.gen2 | 10.00% |
| Emsisoft Anti-Malware | Win32.Sality | 10.00% |
| Microsoft Security Essentials | Threat.Undefined | 10.00% |
| avast! | Win32:SaliCode | 10.00% |
| AVG | Win32/Sality | 10.00% |
| ESET NOD32 | Win32/Sality.NBA virus | 10.00% |
| Kaspersky | Virus.Win32.Sality | 10.00% |
| Norman | Win32.Sality.3 | 10.00% |
| Dr.Web | Win32.Sector.30 | 10.00% |
IP Addresses
The domain www.laboratorybulkpackage.com has been seen to resolve to the following 14 IP addresses.
Downloads
File downloads found at URLs served by www.laboratorybulkpackage.com.
Network Communications
The following 36 files have been seen to communicate with www.laboratorybulkpackage.com in live environments.
TCP » 52.38.209.219:80 rlvknlg.exe (Relevant-Knowledge by TMRG)
TCP » 52.33.46.229:80 UCBrowser.exe (UC Browser by UCWeb)
TCP » 52.33.46.229:80 browserairexec.exe (BrowserAir by Goobzo)
TCP » 52.38.209.219:80 UCBrowser.exe (UC Browser by UCWeb)
TCP » 52.38.209.219:80 browserairexec.exe (BrowserAir by Goobzo)
TCP » 54.200.224.121:80 browser.exe (Browser)
TCP » 52.24.26.116:443 online-guardian-v2.0.9.exe
TCP » 52.24.26.116:443 online-guardian-v2.0.9.exe
TCP » 54.200.224.121:80 kometa.exe (Kometa by @COMPANY_FULLNAME@)
TCP » 52.38.209.219:80 browser.exe (Browser)
TCP » 52.33.46.229:80 citrio.exe (Citrio by CatalinaGroup)
TCP » 54.200.224.121:80 UCBrowser.exe (UC Browser by UCWeb)
TCP » 54.200.224.121:80 ShopAtHome_BAC_Service.exe (by ShopAtHome.com)
TCP » 54.200.224.121:80 browser.exe (Browser)
TCP » 52.33.46.229:80 Client.exe
TCP » 54.200.224.121:80 kmplayer_3.8.0.123.exe.exe (The KMPlayer by PandoraTV)
TCP » 52.24.26.116:443 rlvknlg.exe (Relevant-Knowledge by TMRG)
TCP » 52.24.26.116:443 036629fbd4864725737a8ba8fe7e8cd6.exe
TCP » 52.33.46.229:80 ShopAtHome_BAC_Service.exe (by ShopAtHome.com)
TCP » 52.33.46.229:80 rlvknlg.exe (Relevant-Knowledge by TMRG)
Latest 20 of 77 files