» www.sendsignsbinaries.com
Overview
Analysis
IPs Addresses (6)
Downloads (1)
Network (6)

www.sendsignsbinaries.com

Domain Information

Server location:

Oregon, United States (US)

ASN:

AS16509 AMAZON-02 - Amazon.com, Inc., US

Root domain:

sendsignsbinaries.com

Scanner detections:

Detections (100% detected)

Scan engine

Details

Detections

Reason Heuristics

PUP.installCore.GERYONADS.Installer (M)

100.00%

VIPRE Antivirus

Threat.4786018

100.00%

McAfee

Trojan.Artemis!1E2A29BCBBC1

100.00%

Dr.Web

Trojan.InstallCore.1027

100.00%

ESET NOD32

Win32/InstallCore.ACP.gen potentially unwanted application

100.00%

Sophos

PUA 'Install Core Click run software'

100.00%

Malwarebytes

PUP.Optional.InstallCore

100.00%

K7 AntiVirus

Adware

100.00%

AVG

Generic

100.00%

Qihoo 360 Security

HEUR/QVM06.1.Malware.Gen

100.00%

Baidu Antivirus

Adware.Win32.InstallCore

100.00%

The domain www.sendsignsbinaries.com has been seen to resolve to the following 6 IP addresses.

54.148.57.212

ec2-54-148-57-212.us-west-2.compute.amazonaws.com

May 26, 2016

54.69.198.37

ec2-54-69-198-37.us-west-2.compute.amazonaws.com

May 26, 2016

54.69.11.66

ec2-54-69-11-66.us-west-2.compute.amazonaws.com

May 26, 2016

52.88.159.85

ec2-52-88-159-85.us-west-2.compute.amazonaws.com

May 26, 2016

52.25.41.73

ec2-52-25-41-73.us-west-2.compute.amazonaws.com

May 26, 2016

52.24.26.116

ec2-52-24-26-116.us-west-2.compute.amazonaws.com

May 26, 2016

File downloads found at URLs served by www.sendsignsbinaries.com.

11 / 68 (PUP)

http://www.sendsignsbinaries.com/c?x=TogN pLMlLwzD2vV3LsD/3CeMacpeSzd599SyhaLoD8=&c=Qwf02znTBDUFPf64ENhHPOy32N/ZuBzsw8Cwm/hbXpt4eeU75wju8jJtJR3mC1CmpEAbdHM5goI8ycby8HqJnKXmk8K5Y9kavhBlbWz5KalmMfvvqLIaXukUpj9YtPoe90fBu/f8oKQEJmygIyhBIQ==&downloadAs=Java_Update.exe&fallback_url=http://javadl.sun.com/webapps/.../AutoDL?BundleId=94214 (98b9b1b2491246bdcfa139895d13eda7)

The following 6 files have been seen to comunicate with www.sendsignsbinaries.com in live environments.

TCP » 52.24.26.116:443

online-guardian-v2.0.9.exe

TCP » 52.24.26.116:443

online-guardian-v2.0.9.exe

TCP » 52.24.26.116:443

rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.24.26.116:443

036629fbd4864725737a8ba8fe7e8cd6.exe

TCP » 52.24.26.116:443

rlvknlg.exe (Relevant-Knowledge by TMRG)

TCP » 52.24.26.116:443

Proxomitron.exe (Proxomitron by Groom-A-Zebu (tm))

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.