mank.exe

Mank

The application mank.exe has been detected as a potentially unwanted program by 2 anti-malware scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘luber’. While running, it connects to the Internet address cdce.acs006.internap.com on port 80 using the HTTP protocol.
Publisher:
Mank

Product:
Mank

Version:
4.7.3.29

MD5:
8253a70e4499f6207b9c9f17e3b0b50a

SHA-1:
7e73de954ee6c722417ecf8b440989246cbf5679

SHA-256:
0b0239e33497a9e9378f65a0b66bcff166fa86907e6085eebb8040924caac1c1

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 12:26:19 AM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
MSIL/Adware.Dotdo.AP application
6.3.12010.0

Reason Heuristics
Adware.Dotdo.ET (M)
17.2.11.11

File size:
8.5 KB (8,704 bytes)

Product version:
4.7.3.29

Copyright:
Copyright © Mank 2017

Trademarks:
© 2017 Mank

Original file name:
mank.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\dacron\mank.exe

File PE Metadata
Compilation timestamp:
2/1/2017 3:58:44 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

Entry address:
0x367E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
4.3104

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
6 KB (6,144 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
luber

Command:
"C:\Program Files\dacron\mank.exe"


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-52-206-162-106.compute-1.amazonaws.com  (52.206.162.106:80)

TCP (HTTP):
Connects to lb-web.ustream.tv  (199.66.238.212:80)

TCP (HTTP):
Connects to cdce.acs006.internap.com  (64.74.126.10:80)

TCP (HTTP):
Connects to eb.83.1732.ip4.static.sl-reverse.com  (50.23.131.235:80)

TCP (HTTP):
Connects to cdce.nym011.internap.com  (63.251.19.8:80)

TCP (HTTP):
Connects to ec2-52-200-196-73.compute-1.amazonaws.com  (52.200.196.73:80)

TCP (HTTP SSL):
Connects to server-54-192-87-102.lax3.r.cloudfront.net  (54.192.87.102:443)

TCP (HTTP SSL):
Connects to a23-197-96-157.deploy.static.akamaitechnologies.com  (23.197.96.157:443)

TCP (HTTP):
Connects to static.hosted-by.miamidedicated.com  (162.222.193.17:80)

TCP (HTTP):
Connects to server-52-84-246-194.sfo20.r.cloudfront.net  (52.84.246.194:80)

TCP (HTTP):
Connects to hosted-by.instantdedicated.com  (188.95.50.96:80)

TCP (HTTP):
Connects to ec2-54-173-104-235.compute-1.amazonaws.com  (54.173.104.235:80)

TCP (HTTP):
Connects to ec2-52-72-228-9.compute-1.amazonaws.com  (52.72.228.9:80)

TCP (HTTP):
Connects to ec2-52-200-128-131.compute-1.amazonaws.com  (52.200.128.131:80)

TCP (HTTP SSL):
Connects to ec2-52-10-245-53.us-west-2.compute.amazonaws.com  (52.10.245.53:443)

TCP (HTTP):
Connects to ec2-184-169-136-172.us-west-1.compute.amazonaws.com  (184.169.136.172:80)

TCP (HTTP SSL):
Connects to a104-96-98-228.deploy.static.akamaitechnologies.com  (104.96.98.228:443)

TCP (HTTP):
Connects to a104-96-96-168.deploy.static.akamaitechnologies.com  (104.96.96.168:80)

TCP (HTTP SSL):
Connects to server-54-192-139-206.lax1.r.cloudfront.net  (54.192.139.206:443)

TCP (HTTP):
Connects to ec2-54-82-212-234.compute-1.amazonaws.com  (54.82.212.234:80)

Remove mank.exe - Powered by Reason Core Security