PennyBeeW.exe

Starter

MY POP SHOP LTD

The application PennyBeeW.exe by MY POP SHOP has been detected as adware by 12 anti-malware scanners. While running, it connects to the Internet address blob.am5prdstr07a.store.core.windows.net on port 80 using the HTTP protocol.
Publisher:
MY POP SHOP LTD  (signed and verified)

Product:
Starter

Version:
1.0.1.1

MD5:
d6b24f7907c9a25a5837db90852007a0

SHA-1:
1292d0191fce7b50d097e61574aaf52877203dae

SHA-256:
9a7ab25a09d49d76367574032b1bb1b9d8b593d879e9afd1b9c03031beeae258

Scanner detections:
12 / 68

Status:
Adware

Analysis date:
12/24/2024 3:48:22 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.Smartbar.O
877

Avira AntiVirus
TR/Trash.Gen
7.11.30.172

AVG
Mypopshop
2015.0.3396

Bitdefender
Adware.Smartbar.O
1.0.20.1265

Emsisoft Anti-Malware
Adware.Smartbar.O
8.14.09.10.02

F-Secure
Adware.Smartbar.O
11.2014-10-09_4

G Data
Adware.Smartbar
14.9.24

MicroWorld eScan
Adware.Smartbar.O
15.0.0.759

nProtect
Adware.Smartbar.O
14.08.14.01

Reason Heuristics
PUP.MYPOPSHOP.J
14.8.8.0

SUPERAntiSpyware
Trojan.Agent/Gen-Nullo[Short]
10368

VIPRE Antivirus
Threat.4783962
31208

File size:
72.9 KB (74,624 bytes)

Product version:
1.0.1.1

Copyright:
Copyright © 2014

Original file name:
PennyBeeW.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\pennybee\pennybeew.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/7/2014 1:00:00 AM

Valid to:
7/8/2015 12:59:59 AM

Subject:
CN=MY POP SHOP LTD, O=MY POP SHOP LTD, STREET=14 Shenkar Arie, L=HERZLIYA, S=NA, PostalCode=46725, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
4A7D93FD75281A37A4ADCDCD636D3ADB

File PE Metadata
Compilation timestamp:
7/30/2014 12:30:45 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:oORx6U+zA7xCGoxW6Gs6nvzVCuahqnz1bfvXcDNc1r4e+Trz:JQkdyxW6h6bUhqnz1bfvO8kvTv

Entry address:
0xA2F6

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
5.8284

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
33 KB (33,792 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-50-17-205-172.compute-1.amazonaws.com  (50.17.205.172:80)

TCP (HTTP):
Connects to ec2-54-221-252-20.compute-1.amazonaws.com  (54.221.252.20:80)

TCP (HTTP):
Connects to blob.am5prdstr07a.store.core.windows.net  (13.95.96.184:80)

TCP (HTTP):
Connects to s3-1.amazonaws.com  (52.216.65.59:80)

TCP (HTTP):
Connects to rtr1.l7.search.vip.ir2.yahoo.com  (188.125.66.105:80)

TCP (HTTP):
Connects to r-069-042-234-077.ff.avast.com  (77.234.42.69:80)

TCP (HTTP):
Connects to qg-in-f191.1e100.net  (74.125.29.191:80)

TCP (HTTP):
Connects to oa155.any.onet.pl  (213.180.141.155:80)

TCP (HTTP):
Connects to muc03s14-in-f23.1e100.net  (74.125.232.87:80)

TCP (HTTP):
Connects to mpr2.ngd.vip.bf1.yahoo.com  (98.139.225.43:80)

TCP (HTTP):
Connects to mpr1.ngd.vip.bf1.yahoo.com  (98.139.225.42:80)

TCP (HTTP):
Connects to lga15s42-in-f28.1e100.net  (74.125.226.28:80)

TCP (HTTP):
Connects to lga15s42-in-f25.1e100.net  (74.125.226.25:80)

TCP (HTTP):
Connects to lga15s42-in-f14.1e100.net  (74.125.226.14:80)

TCP (HTTP):
Connects to lga15s42-in-f12.1e100.net  (74.125.226.12:80)

TCP (HTTP):
Connects to hosted-by.leaseweb.com  (198.7.59.27:80)

TCP (HTTP):
Connects to hkg07s02-in-f14.1e100.net  (216.58.221.142:80)

TCP (HTTP):
Connects to float.976.bm-impbus.prod.nym2.adnexus.net  (68.67.152.188:80)

TCP (HTTP):
Connects to float.1953.bm-impbus.prod.nym2.adnexus.net  (68.67.153.75:80)

TCP (HTTP):
Connects to f0.asp24.pl  (195.177.211.65:80)

Remove PennyBeeW.exe - Powered by Reason Core Security