mustang.exe

Mustang Browser

RAFO TECHNOLOGY INC

The application mustang.exe by RAFO TECHNOLOGY INC has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program Mustang Browser by RAFO TECHNOLOGY INC. While running, it connects to the Internet address oa178.any.onet.pl on port 443.
Publisher:
Rafotech  (signed by RAFO TECHNOLOGY INC)

Product:
Mustang Browser

Version:
44.0.2403.46

MD5:
a9c1aec4517b4950c729f41679bb3d2a

SHA-1:
1a7db47d7b3f164118253428f336f0da4e5d0a32

SHA-256:
bc53d3698e91f6fbee39d6eb6932e44e56d3ff2bc173b35784433aab7c3b7707

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/2/2024 5:30:06 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.RafoTech (M)

Engine version:
16.11.15.13

File size:
598.6 KB (612,952 bytes)

Product version:
1.44.46.6

Copyright:
Copyright 2015 Rafotech. All rights reserved.

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\mustang browser\mustang\mustang.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
3/18/2015 12:50:02 AM

Valid to:
3/18/2016 12:50:02 AM

Subject:
CN=RAFO TECHNOLOGY INC, O=RAFO TECHNOLOGY INC, L=Alhambra, S=California, C=US

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112130B87F4F087E63E0D3D6DC5F093C0729

File PE Metadata
Compilation timestamp:
8/18/2015 2:50:17 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:qMBDbELbnWodCMgcs9gOJ99sPqEpGcjTOup3LMeFfB6lqtFLMmxS76mB:qK8/drPqAvpQ68lELJSpB

Entry address:
0x3DD84

Entropy:
6.2947

Code size:
346 KB (354,304 bytes)

The file mustang.exe has been discovered within the following program.

Mustang Browser  by RAFO TECHNOLOGY INC
About 7% of users remove it

The executing file has been seen to make the following network communications in live environments.

