limewire-music-free.exe

LimeWire Music

Prospera Software, Inc.

The application limewire-music-free.exe by Prospera Software has been detected as a potentially unwanted program by 4 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from www.citybulkchuckle.com and multiple other hosts. While running, it connects to the Internet address f2.fd.adb8.ip4.static.sl-reverse.com on port 80 using the HTTP protocol.
Publisher:
ProNetSharing LLC  (signed by Prospera Software, Inc.)

Product:
LimeWire Music

Version:
4.8.0.0

MD5:
39741c9f1705c99d4d61dd8e8cebfc3a

SHA-1:
b04d1c888de9a0ddce0d1abe1399a78bf858a294

SHA-256:
14f2c9c78bdfa1494c1810d3ff58dacdaf383d93a2555ae3ba7dd5c26d5dfdbc

Scanner detections:
4 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 10:04:21 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AVG | Generic | 2015.0.3287 |
| ESET NOD32 | Win32/DownWare | 8.10697 |
| Reason Heuristics | PUP.ProsperaSoftware.T | 14.11.17.20 |
| Rising Antivirus | PE:Trojan.Win32.Generic.177C227F!394011263 | 23.00.65.141115 |

File size:
5.1 MB (5,320,608 bytes)

Copyright:
© ProNetSharing LLC

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/2/2014 6:00:00 PM

Valid to:
6/2/2015 6:59:59 PM

Subject:
CN="Prospera Software, Inc.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Prospera Software, Inc.", L=Suwanee, S=Georgia, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
546C3D8AF79CD0909C4F8A5A97399E3C

File PE Metadata
Compilation timestamp:
2/24/2012 1:19:59 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
98304:R9CfNLvUb6SK3wjg8H0F1hbGKVerOyVdYY5F5bLIRdWOup+zwnvx7fr8:XCfNQx5jR0F1Q6y3rdwb6+zwnvlz8

Entry address:
0x39E3

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 91, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 80, 40, 00, 55, FF, 15, C0, 82, 40, 00, 6A, 08, A3, B8, 2E, 47, 00, E8, 37, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, D0, 2D, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 1C, 93, 40, 00, FF, 15, 84, 81, 40, 00, 68, 04, 93, 40, 00, 68, C0, AD, 46, 00, E8, 19, 27, 00, 00, FF, 15, B4, 80, 40, 00, 50, BF, A0, 30, 4C, 00, 57, E8, 07, 27, 00, 00...
 

Entropy:
7.9977

Packer / compiler:
Nullsoft install system v2.x

Code size:
28 KB (28,672 bytes)

The file limewire-music-free.exe has been seen being distributed by the following 6 URLs.


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to f2.fd.adb8.ip4.static.sl-reverse.com  (184.173.253.242:80)
