emule0.60.exe

ROMEO SOUTH SL

The application emule0.60.exe by ROMEO SOUTH SL has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address broadband.actcorp.in on port 34255.
Publisher:
ROMEO SOUTH SL  (signed and verified)

MD5:
29c66016d0d7da1235688546f609930e

SHA-1:
370306993ae79f1b6216b671a242b99a7fe76b5a

SHA-256:
504cc711ab72ec1f6385f063a63ecebc364092e1b1cabd3af3a094c07aeaacc0

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 10:45:51 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Vitallia.ROMEOSOUTH (M)
16.2.6.10

File size:
6.9 MB (7,183,208 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\emule0.60\emule0.60.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
5/29/2014 4:47:26 PM

Valid to:
6/19/2015 8:09:57 PM

Subject:
CN=ROMEO SOUTH SL, O=ROMEO SOUTH SL, L=Madrid, S=Madrid, C=ES

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
07BD0BED172350

File PE Metadata
Compilation timestamp:
7/31/2014 9:25:22 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
98304:pDcLhu8RpggUT4hOXYGKBRAgAebFjS0H6zE5/q4hYn:pkBRprpOXYbAA7/qf

Entry address:
0x382970

Entry point:
E8, 83, 07, 00, 00, E9, 36, FD, FF, FF, 8B, FF, 55, 8B, EC, FF, 75, 08, E8, B5, F8, FF, FF, 59, 5D, C3, 8B, FF, 55, 8B, EC, 5D, E9, FB, FA, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 57, 56, 55, 33, FF, 33, ED, 8B, 44, 24, 14, 0B, C0, 7D, 15, 47, 45, 8B, 54, 24, 10, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 14, 89, 54, 24, 10, 8B, 44, 24, 1C, 0B, C0, 7D, 14, 47, 8B, 54, 24, 18, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 1C, 89, 54, 24, 18, 0B, C0, 75, 28, 8B, 4C, 24, 18, 8B, 44, 24, 14, 33, D2, F7, F1...
 
[+]

Entropy:
6.8381

Code size:
4 MB (4,170,752 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-01-cdg2.fbcdn.net  (179.60.192.7:443)

TCP (HTTP):
Connects to ns348787.ip-94-23-32.eu  (94.23.32.125:80)

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-01-mad1.fbcdn.net  (31.13.83.4:443)

TCP (HTTP):
Connects to ec2-54-154-208-40.eu-west-1.compute.amazonaws.com  (54.154.208.40:80)

TCP:
Connects to node45.hvosting.ua  (91.200.42.46:1176)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-mad1.facebook.com  (31.13.83.36:443)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-cdg2.facebook.com  (179.60.192.36:443)

TCP:
Connects to broadband.actcorp.in  (49.204.182.35:34255)

TCP:
Connects to b39beb89.virtua.com.br  (179.155.235.137:26324)

TCP:
Connects to b150d2d6.virtua.com.br  (177.80.210.214:57158)

TCP:
Connects to 191-242-62-191.dinamic.allconnect.net.br  (191.242.62.191:15505)

TCP:
Connects to 191-214-25-207.host.telemar.net.br  (191.214.25.207:14378)

Remove emule0.60.exe - Powered by Reason Core Security