netman.exe

The application netman.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address ip-172-20-20-20.ec2.internal on port 57443.
MD5:
6a0a5bd6e6aadc34f241b897897755d9

SHA-1:
9885f5b6a1f9b148b64c3e5b5dcd1aa4bcf94eee

SHA-256:
2c79cabae725404360aa78f24ac826aa46eff995c2ae878684a1e05f2bcb0a74

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 2:06:04 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.MintCast
16.2.22.0

File size:
1.7 MB (1,808,384 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\Program Files\mintcast\addon\netman.exe

File PE Metadata
Compilation timestamp:
9/21/2015 12:05:45 AM

OS version:
6.0

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
12.0

CTPH (ssdeep):
49152:mGtlqOZVwASOvqo0e/rlVfH1MreqRYueqw892Wu9f41AX+VPIU6ibkPg4:r95aRZmfEAr+bV

Entry address:
0xF7BAC

Entry point:
48, 83, EC, 28, E8, 5B, 07, 00, 00, 48, 83, C4, 28, E9, 7E, FE, FF, FF, FF, 25, 74, F7, 00, 00, FF, 25, 76, F7, 00, 00, FF, 25, 78, F7, 00, 00, FF, 25, 7A, F7, 00, 00, FF, 25, 7C, F7, 00, 00, FF, 25, 7E, F7, 00, 00, FF, 25, 88, F7, 00, 00, FF, 25, 8A, F7, 00, 00, FF, 25, 8C, F7, 00, 00, FF, 25, 8E, F7, 00, 00, FF, 25, 90, F7, 00, 00, FF, 25, 9A, F7, 00, 00, FF, 25, 9C, F7, 00, 00, FF, 25, 9E, F7, 00, 00, CC, CC, 40, 53, 48, 83, EC, 20, 48, 8B, D9, FF, 15, 9D, F4, 00, 00, B9, 01, 00, 00, 00, 89, 05, B2, 4B...
 
[+]

Code size:
1 MB (1,070,080 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-01-lht6.fbcdn.net  (157.240.1.23:443)

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-01-ord1.fbcdn.net  (31.13.74.7:443)

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-01-sit4.fbcdn.net  (31.13.78.17:443)

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-02-dft4.fbcdn.net  (31.13.66.5:443)

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-01-mrs1.fbcdn.net  (31.13.75.12:443)

TCP (HTTP SSL):
Connects to edge-video-shv-01-sea1.fbcdn.net  (31.13.76.109:443)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-kul1.facebook.com  (31.13.67.36:443)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-02-dft4.facebook.com  (31.13.66.36:443)

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-02-lax3.fbcdn.net  (157.240.11.22:443)

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-01-sin6.fbcdn.net  (157.240.7.26:443)

TCP (HTTP SSL):
Connects to jn-in-f139.1e100.net  (209.85.234.139:443)

TCP (HTTP SSL):
Connects to jn-in-f136.1e100.net  (209.85.234.136:443)

TCP (HTTP SSL):
Connects to jl-in-f102.1e100.net  (209.85.200.102:443)

TCP (HTTP SSL):
Connects to edge-video-shv-01-sjc2.fbcdn.net  (31.13.77.11:443)

TCP (HTTP SSL):
Connects to edge-star-shv-01-mrs1.facebook.com  (31.13.75.8:443)

TCP (HTTP SSL):
Connects to edge-star-shv-01-lga3.facebook.com  (31.13.71.1:443)

TCP (HTTP SSL):
Connects to edge-star-shv-01-kul1.facebook.com  (31.13.67.1:443)

TCP (HTTP SSL):
Connects to edge-star-shv-01-iad3.facebook.com  (31.13.69.197:443)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-sea1.facebook.com  (31.13.76.68:443)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-mxp1.facebook.com  (31.13.86.36:443)

Remove netman.exe - Powered by Reason Core Security