messengertime.exe

SoftNinjas

The application messengertime.exe by SoftNinjas has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘MessengerTime’. This file is typically installed with the program MessengerTime - Facebook Messenger for Desktop by MessengerTime. While running, it connects to the Internet address edge-star-shv-01-frt3.facebook.com on port 443.

Publisher:
SoftNinjas (signed and verified)

MD5:
bfb4fcb5c665bf96b058a0c8f0d364bb

SHA-1:
3c24c48746fc73904f77d1b41cd8cc5430f913d5

SHA-256:
d63ea00ac09f08843ced786617d7b20210153c8436c13f5262ef7dfc38ded972

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 4:17:30 AM UTC  (today)

Scan engine:
Reason Heuristics

Detection:
PUP.WikiZ

Engine version:
16.8.2.14

File size:
45.3 MB (47,494,080 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\messengertime\messengertime.exe

Digital Signature
Signed by:

Authority:
SoftNinjas

Valid from:
8/10/2015 10:59:03 AM

Valid to:
8/7/2025 10:59:03 AM

Subject:
CN=MessengerTime, O=SoftNinjas, S=Some-State, C=US

Issuer:
CN=MessengerTime, O=SoftNinjas, S=Some-State, C=US

Serial number:
00F1F3BE66B4319891

File PE Metadata
Compilation timestamp:
2/20/2016 7:43:51 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
786432:KuK9C64r1c7VQZgnUrurLpbH05yL5dsuUQq6+4UYOkdOXQEid1:bwC64r1c6ZgnUSrLpbUAdBUQq6/BL4w1

Entry address:
0x1C9A031

Entry point:
E8, 5A, 3A, 01, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 8B, 55, 0C, A1, 20, A8, EC, 02, F7, D2, 8B, 4D, 08, 23, D0, 23, 4D, 0C, 0B, D1, 89, 15, 20, A8, EC, 02, 5D, C3, E8, 09, 21, 00, 00, 85, C0, 74, 08, 6A, 16, E8, CC, 21, 00, 00, 59, F6, 05, 20, A8, EC, 02, 02, 74, 21, 6A, 17, E8, D9, 20, 60, 00, 85, C0, 74, 05, 6A, 07, 59, CD, 29, 6A, 01, 68, 15, 00, 00, 40, 6A, 03, E8, A9, F8, FF, FF, 83, C4, 0C, 6A, 03, E8, 16, FC, FF, FF, CC, 55, 8B, EC, 8D, 45, 18, 50, 6A, 00, FF, 75, 14, FF, 75, 10, FF, 75, 0C, FF, 75...
 

Entropy:
6.8880

Code size:
34.9 MB (36,634,112 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
MessengerTime

Command:
C:\users\{user}\appdata\roaming\messengertime\messengertime.exe su


The file messengertime.exe has been discovered within the following program.

About 7% of users remove it

The executing file has been seen to make the following network communications in live environments.
