PennyBeeW.exe

PennyBeeW

The application PennyBeeW.exe has been detected as a potentially unwanted program by 11 anti-malware scanners.
Product:
PennyBeeW

Version:
1.0.7.0

MD5:
6a98a83c9da42578ab09939c4340610b

SHA-1:
ab88b37953d72f568855eaabd1fecafa2b13aeda

SHA-256:
55d4bffc5bbca73ecbe8669c8dab67485c6f95eea33e40b73bb00ac5eff35a75

Scanner detections:
11 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 1:52:27 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Kazy.468568 | 764 |
| Baidu Antivirus | PUA.MSIL.Linkury | 4.0.3.1512 |
| Bitdefender | Gen:Variant.Kazy.468568 | 1.0.20.10 |
| Emsisoft Anti-Malware | Gen:Variant.Kazy.468568 | 8.15.01.02.07 |
| ESET NOD32 | MSIL/Toolbar.Linkury (variant) | 9.10950 |
| F-Secure | Gen:Variant.Kazy.468568 | 11.2015-02-01_6 |
| G Data | Gen:Variant.Kazy.468568 | 15.1.24 |
| Kaspersky | not-a-virus:AdWare.MSIL.PennyBee | 14.0.0.2703 |
| MicroWorld eScan | Gen:Variant.Kazy.468568 | 16.0.0.6 |
| Panda Antivirus | Trj/CI.A | 15.01.02.07 |
| Qihoo 360 Security | HEUR/QVM03.0.Malware.Gen | 1.0.0.1015 |

File size:
330.5 KB (338,432 bytes)

Product version:
1.0.7.0

Copyright:
Copyright © 2014

Original file name:
PennyBeeW.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\pennybee\pennybeew.exe

File PE Metadata
Compilation timestamp:
12/25/2014 7:27:13 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:at9LdiZIdOyU7v6xAHFJVqITXwjU3Lp6MoGacdCawSRRW7:CbOyZxAHDVqT+16MraccZ7

Entry address:
0x4C06E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
6.3138

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
296.5 KB (303,616 bytes)

The executing file has been seen to make the following network communications in live environments.
