PennyBeeW.exe

PennyBee

MY POP SHOP LTD

The application PennyBeeW.exe by MY POP SHOP has been detected as adware by 5 anti-malware scanners. While running, it connects to the Internet address blob.am5prdstr07a.store.core.windows.net on port 80 using the HTTP protocol.
Publisher:
MY POP SHOP LTD  (signed and verified)

Product:
PennyBee

Version:
1.0.2.2

MD5:
bcd5604606905c3441083f55c05ed836

SHA-1:
867e4aeef4b83e9e8df65d0bd4329b9221d651b8

SHA-256:
ea2ad1cfa17d708f9e8934cbcba5a3f4508794019c6bf1c52162e247804277a6

Scanner detections:
5 / 68

Status:
Adware

Analysis date:
12/24/2024 4:14:49 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AVG | Mypopshop | 2015.0.3332 |
| Baidu Antivirus | PUA.MSIL.Linkury | 4.0.3.14103 |
| ESET NOD32 | MSIL/Toolbar.Linkury (variant) | 8.10501 |
| McAfee | Artemis!BCD560460690 | 5600.6988 |
| Reason Heuristics | PUP.MYPOPSHOP.J | 14.10.3.14 |

File size:
336.5 KB (344,584 bytes)

Product version:
1.0.2.2

Copyright:
Copyright © 2014

Original file name:
PennyBeeW.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\pennybee\pennybeew.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/21/2014 9:00:00 PM

Valid to:
7/22/2015 8:59:59 PM

Subject:
CN=MY POP SHOP LTD, O=MY POP SHOP LTD, STREET=14 Shenkar Arie, L=HERZLIYA, S=NA, PostalCode=46725, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00B739C4F756EE55FB750952CE570BE48B

File PE Metadata
Compilation timestamp:
9/29/2014 5:54:05 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:eeT2Ie5kM/ZIo54mOyMp31mgyRw75CBYwSBVr6FFlOAN+ejAHKhKr:HIOywmgX75g6BNkDHN+wAHz

Entry address:
0x4BC3E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
295.5 KB (302,592 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to blob.am5prdstr07a.store.core.windows.net  (13.95.96.184:80)

TCP (HTTP):
Connects to wg-in-f95.1e100.net  (173.194.78.95:80)

TCP (HTTP):
Connects to ord08s06-in-f24.1e100.net  (74.125.225.56:80)

TCP (HTTP):
Connects to ec2-174-129-235-11.compute-1.amazonaws.com  (174.129.235.11:80)

TCP (HTTP):
Connects to ea-in-f156.1e100.net  (74.125.136.156:80)

TCP (HTTP):
Connects to b39a6f1b.virtua.com.br  (179.154.111.27:80)

TCP (HTTP):
Connects to 104.156.226.159.vultr.com  (104.156.226.159:80)
