messengertime.exe

SoftNinjas

The application messengertime.exe by SoftNinjas has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘MessengerTime’. While running, it connects to the Internet address customer-VER-209-40.megared.net.mx on port 443.
Publisher:
SoftNinjas  (signed and verified)

MD5:
cac26aaf44e73f738c73612f8d98fc8e

SHA-1:
677787a5691aeb3524f4adbefef9f2a4745b02d7

SHA-256:
331695b3eb6407632cbe8f159d0f9f3c4ffe4210db85fac44b3ab995746594bc

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/5/2024 6:50:48 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.WikiZ
17.3.9.20

File size:
45.6 MB (47,787,744 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\messengertime\messengertime.exe

Digital Signature
Signed by:

Authority:
SoftNinjas

Valid from:
8/10/2015 12:59:03 PM

Valid to:
8/7/2025 12:59:03 PM

Subject:
CN=MessengerTime, O=SoftNinjas, S=Some-State, C=US

Issuer:
CN=MessengerTime, O=SoftNinjas, S=Some-State, C=US

Serial number:
00F1F3BE66B4319891

File PE Metadata
Compilation timestamp:
2/17/2017 5:17:08 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x1C9A083

Entry point:
E8, 98, 3A, 01, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 8B, 55, 0C, A1, 20, A8, EC, 02, F7, D2, 8B, 4D, 08, 23, D0, 23, 4D, 0C, 0B, D1, 89, 15, 20, A8, EC, 02, 5D, C3, E8, A7, 20, 00, 00, 85, C0, 74, 08, 6A, 16, E8, 6A, 21, 00, 00, 59, F6, 05, 20, A8, EC, 02, 02, 74, 21, 6A, 17, E8, 97, 24, 60, 00, 85, C0, 74, 05, 6A, 07, 59, CD, 29, 6A, 01, 68, 15, 00, 00, 40, 6A, 03, E8, A7, F8, FF, FF, 83, C4, 0C, 6A, 03, E8, 14, FC, FF, FF, CC, 55, 8B, EC, 8D, 45, 18, 50, 6A, 00, FF, 75, 14, FF, 75, 10, FF, 75, 0C, FF, 75...
 
[+]

Entropy:
6.8703

Code size:
34.9 MB (36,637,696 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
MessengerTime

Command:
C:\users\{user}\appdata\roaming\messengertime\messengertime.exe su


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP SSL):
Connects to customer-VER-209-40.megared.net.mx  (200.52.209.40:443)

Remove messengertime.exe - Powered by Reason Core Security