mustang.exe

Rafotech Mustang

RAFO TECHNOLOGY INC

The application mustang.exe by RAFO TECHNOLOGY INC has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address xx-fbcdn-shv-01-mxp1.fbcdn.net on port 443.
Publisher:
Rafotech  (signed by RAFO TECHNOLOGY INC)

Product:
Rafotech Mustang

Version:
55.0.2883.75

MD5:
663ca32bd5c015149c41590595315443

SHA-1:
2077bc5d629f7d37b3c8b527da117b9b25c735de

SHA-256:
d667871ba7e88fa040d3af184a021b43cca74d0f6962c977e402d7c026388470

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/5/2024 2:43:20 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.RafoTech (M)

Engine version:
17.1.13.20

File size:
1.1 MB (1,147,176 bytes)

Product version:
55.0.2883.75

Copyright:
Copyright 2017 Rafotech. All rights reserved.

Original file name:
mustang.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\rafotech\mustang\application\mustang.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
11/15/2016 6:42:46 AM

Valid to:
4/18/2019 6:50:02 AM

Subject:
CN=RAFO TECHNOLOGY INC, O=RAFO TECHNOLOGY INC, L=Alhambra, S=California, C=US

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G3, O=GlobalSign nv-sa, C=BE

Serial number:
53431729F0038DEBEF6555C5

File PE Metadata
Compilation timestamp:
1/13/2017 10:15:47 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

Entry address:
0x53997

Code size:
567 KB (580,608 bytes)

Windows Firewall Allowed Program
Name:
mustang browser


The executing file has been seen to make the following network communications in live environments.
