» www.packageclearmega.com
Overview
Analysis
IPs Addresses (6)
Downloads (9)
Network (6)

www.packageclearmega.com

Domain Information

Server location:

Oregon, United States (US)

ASN:

AS16509 AMAZON-02 - Amazon.com, Inc., US

Root domain:

packageclearmega.com

Scanner detections:

Detections (78% detected)

Scan engine

Details

Detections

Reason Heuristics

PUP.InstallCore (M), PUP.InstallCore.Installer.Installer (M), PUP.InstallCore.FC.Installer (M)

87.50%

Microsoft Security Essentials

Worm:Win32/NeksMiner.A

12.50%

F-Secure

Application:W32/Generic.70053c248f!Online

12.50%

The domain www.packageclearmega.com has been seen to resolve to the following 6 IP addresses.

ec2-54-148-57-212.us-west-2.compute.amazonaws.com

May 17, 2016

ec2-54-69-198-37.us-west-2.compute.amazonaws.com

May 17, 2016

ec2-54-69-11-66.us-west-2.compute.amazonaws.com

May 17, 2016

ec2-52-88-159-85.us-west-2.compute.amazonaws.com

May 17, 2016

ec2-52-25-41-73.us-west-2.compute.amazonaws.com

May 17, 2016

ec2-52-24-26-116.us-west-2.compute.amazonaws.com

May 17, 2016

File downloads found at URLs served by www.packageclearmega.com.

1 / 68 (Adware)

http://www.packageclearmega.com/c?x=footexINsC0qNvhELrucTyOycwqu04rufe9nfQOiECg=&c=DItf9Z1Kby8iS6801yk0TL/Grv4mzMi0aqeh1wQfohOLNNcA4n7LqmY1es4/WwjSDX5ib1TDyJ6BjxRpIYVsdQKHnxhwDpmaP2OOEyhtTbJG6IWvMb0gp9Kj6bBG PXd&downloadAs=jurassic_park.exe&fallback_url=http://gamefabrique.com/dl/.../jurassic_park.exe (1e3ed400d42860a24b33362576294c21)

1 / 68 (Adware)

http://www.packageclearmega.com/c?x=caKK/iTmtnmTCJy2OulRYpBxBWUWUJIU5X29HimeSAc=&c=Ia9KnV3UHHIDgVjxBgUtZr/2mFAKESTkImrAR9e64zCis19vAy11s8pkSw MWd9cumRQ6PkX4s35V8ubTJobvbPhu9jMiPRWbQPhYuvACukzPF861bjTdOC95Xh3ysBl&downloadAs=aladdin.exe&fallback_url=http://gamefabrique.com/dl/.../aladdin.exe (c.exe)

1 / 68 (Adware)

http://www.packageclearmega.com/c?x=2lrZO u4BiV6sUWCwwWJ7dS9ZNpQuhF/Gw/s2xW5vgM=&c=XiJRyws5nnPE4aAoO5HMMrLeW7hzMMzWbv5fCbRt3pLHi1TKgUDRPZFDf4Ym4SP7gAbXN0 9wzZ5WPwM9oupREDLkBpQWIWYgtpFUSCwVy8kqp/Ryfy/mhgeNwDtrGoi&downloadAs=lego_racers.exe&fallback_url=http://gamefabrique.com/dl/.../lego_racers.exe (f51fdf54171d3d2e9de4f2b01df87474)

1 / 68 (Adware)

http://www.packageclearmega.com/c?x=IYg1V H9iqptAZS/u0Ekz4jyNgOEhsegh4O/Sds2Rpg=&c=aMjKmhsvT9 XsLQKMP3v8nm3hA8eKIOXJFGz8OeKyBYtt7Xspqa4 IZh4oreAdjUabxbpiYKtbNJUpPX2In6RsBoFJXC0ffifRsbvv9O762N/tZ22gJxSo9SnsITH6ot&downloadAs=mega_bomberman.exe&fallback_url=http://gamefabrique.com/dl/.../mega_bomberman.exe (icreinstall_mega_bomberman.exe)

1 / 68 (PUP)

http://www.packageclearmega.com/c?x=OlsxVuItmgTOIIWKUMFBJv4JBbQyV7jJ3IX1Q3veHfM=&c=JaPgCgZadk27SzQmKyyLJz3lo9ySQFonfNhl8ScmAXNTbndGXLg8MQAFm20aqTsnoPcpXg6eCWmUGTI/600MFFlk3vBXlTdm7V1FjZw27sQ IcynE5/vGvCUAEhaGEEz&downloadAs=road_fighter.exe&fallback_url=http://gamefabrique.com/dl/.../road_fighter.exe (10a11024_stp.exe)

1 / 68 (Adware)

http://www.packageclearmega.com/c?x=zaTRjGFyeFmGYjDPqDb6EWGIIIsr0hLwOnUDzpHsoo8=&c=eMoE6qkqOM01OgCTVHJEpbc9Re irCtC/T8phG1uDQH2koEJJOI0eHjtCU FQBEyKHYE2b VJtNzc5bivZGGYdCuJq Znq4ylrme7JLl8GuQO2qeiuguxOdXdN2F4vgj&downloadAs=road_fighter.exe&fallback_url=http://gamefabrique.com/dl/.../road_fighter.exe (f8d3f4dab3334b0c8a9f905112f1e3aa)

2 / 68 (false positives)

http://www.packageclearmega.com/c?x=P/udZZZBt9 Tb 11ODNDZn eTNVVOEs2Pa9XPQIZ4jM=&c=W55fKF4n 1PXt1QDraa2rbH7k sWFif5jeWv1Wrsjvie/Qdr16ZCPn0TSKaDqPq4sBERu6kPePkK/OI5jR3nuqX1E0noT2htCrim6WEC3ey8Fl1cQQudSkkBu4MYCLTa&downloadAs=aladdin.exe&fallback_url=http://gamefabrique.com/dl/.../aladdin.exe (wrar420.exe)

0 / 68

http://www.packageclearmega.com/c?x=9pvthXfqKPQ20wT4x3yVtbumJKCGa/I2tKeBxDdi/ow=&c=NTPCklsqPVMuPNdOyDYS/EuWJRC5xz22Of D ZgGHd2xKvSAgA57bqmpD4hpEPSNEaonb4qWVdkdBrhtSJslI9zjAIOBT5Ww7uXwYdWZpUkIYRILZ44iqzHluLaAgMey&downloadAs=contra_hard_corps.exe&fallback_url=http://gamefabrique.com/dl/.../contra_hard_corps.exe ({blocked}.exe)

1 / 68 (Adware)

http://www.packageclearmega.com/c?x=hI fpYMvigOGqfvZvlzy70UBAEqVJyNbcdk9X0jnyUw=&c=7uX14NQ4gqg/pHfHQfwEsZpGC/OxrkBhbLmx3nMmFq6qC5OwhEUzI0aEBAekC3vUwQjSBMqQ2Ef0H5yNwKmvOXi9g1kkKC/3HYg6BynVzz20cuhNMV4RoPXgse8KRw3I&downloadAs=contra_hard_corps.exe&fallback_url=http://gamefabrique.com/dl/.../contra_hard_corps.exe ({blocked}.exe)

The following 6 files have been seen to comunicate with www.packageclearmega.com in live environments.

TCP » 52.24.26.116:443

online-guardian-v2.0.9.exe

TCP » 52.24.26.116:443

online-guardian-v2.0.9.exe

TCP » 52.24.26.116:443

rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.24.26.116:443

036629fbd4864725737a8ba8fe7e8cd6.exe

TCP » 52.24.26.116:443

rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.24.26.116:443

Proxomitron.exe (Proxomitron by Groom-A-Zebu (tm))

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.