» PennyBee.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)
Network (2)

PennyBee.exe

Penny Bee

Jambo Digital Ltd

The application PennyBee.exe by Jambo Digital has been detected as adware by 17 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler triggered to execute each time a user logs in. This file is typically installed with the program Penny Bee by Jambo Digital Ltd which is a potentially unwanted software program.

File name:

PennyBee.exe

Publisher:

Penny Bee Agent (signed by Jambo Digital Ltd)

Product:

Penny Bee

Version:

1.1.0.13

MD5:

3e01a07597677e78805a1947e0b52a8e

SHA-1:

3ed7ee1d09e076f44d9e2a6da2f6998728deae5c

SHA-256:

5fd311e80fdba709d80c11d8032ec7dd14de17245d2585c17257bd4f6c2e377e

Scanner detections:

17 / 68

Status:

Adware

Analysis date:

11/17/2024 9:38:43 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.GenericKD.2000594

750

Bitdefender

Trojan.GenericKD.2000594

1.0.20.80

Comodo Security

ApplicUnwnt

20537

Dr.Web

Trojan.Lyrics.150

9.0.1.016

Emsisoft Anti-Malware

Trojan.GenericKD.2000594

8.15.01.16.01

ESET NOD32

Win32/AdWare.PennyBee (variant)

9.10946

F-Secure

Trojan.GenericKD.2000594

11.2015-16-01_6

G Data

Trojan.GenericKD.2000594

15.1.24

Microsoft Security Essentials

Adware:Win32/PennyBee

1.11302

MicroWorld eScan

Trojan.GenericKD.2000594

16.0.0.48

nProtect

Trojan.GenericKD.2000594

14.12.30.01

Quick Heal

Adware.PennyBee.r5 (Not a Virus)

1.15.14.00

Reason Heuristics

PUP.Task.Jambo

15.1.16.1

Sophos

PennyBee

4.98

Trend Micro House Call

ADW_BEEPEN

7.2.16

Trend Micro

ADW_BEEPEN

10.465.16

VIPRE Antivirus

Trojan.Win32.Generic

36228

File size:

454.1 KB (464,952 bytes)

Product version:

1.1.0.13

Original file name:

PennyBee.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\ProgramData\pennybee\pennybee.exe

Digital Signature

Signed by:

Jambo Digital Ltd

Authority:

COMODO CA Limited

Valid from:

5/28/2014 7:00:00 AM

Valid to:

5/28/2017 6:59:59 AM

Subject:

CN=Jambo Digital Ltd, OU=Jambo Digital Ltd, O=Jambo Digital Ltd, STREET=2 Kaufman Yehezkel, STREET=tel aviv, L=tel aviv, S=TEL AVIV-JAFFA, PostalCode=6801294, C=IL

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00C458EED8E9EAA77E97499968CD5DD6B9

File PE Metadata

Compilation timestamp:

6/18/2014 7:30:37 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

12288:D5odcgNkNRUwrIpQ7jFZ9jkh21MWglBcxi++ElnIK:9odcxN2oIWZlkcBCcxi+9N

Entry address:

0x32F96

Entry point:

E8, 2A, BF, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 10, A1, 10, 07, 46, 00, 33, C5, 89, 45, FC, 8B, 55, 18, 53, 33, DB, 56, 57, 3B, D3, 7E, 1F, 8B, 45, 14, 8B, CA, 49, 38, 18, 74, 08, 40, 3B, CB, 75, F6, 83, C9, FF, 8B, C2, 2B, C1, 48, 3B, C2, 7D, 01, 40, 89, 45, 18, 89, 5D, F8, 39, 5D, 24, 75, 0B, 8B, 45, 08, 8B, 00, 8B, 40, 04, 89, 45, 24, 8B, 35, 8C, B2, 44, 00, 33, C0, 39, 5D, 28, 53, 53, FF, 75, 18, 0F, 95, C0, FF, 75, 14, 8D, 04, C5, 01, 00, 00, 00, 50, FF, 75, 24, FF, D6, 8B, F8, 89... 
[+]

Entropy:

6.4080

Code size:

296 KB (303,104 bytes)

Scheduled Task

Task name:

pennybee Runner

Trigger:

Logon (Runs on logon)

Action:

pennybee.exe \task=4 \installon=0 \closebr=0 \active=24 \update

The file PennyBee.exe has been discovered within the following program.

Penny Bee by Jambo Digital Ltd

PennyBee is an advertising supported (adware) extension that runs in the context of the user's web browser as well as a process in the background.

80% remove it

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to server-54-230-207-132.atl50.r.cloudfront.net (54.230.207.132:80)

TCP (HTTP):

Connects to ec2-107-21-244-247.compute-1.amazonaws.com (107.21.244.247:80)

Remove PennyBee.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.