PennyBeeW.exe

PennyBee

The application PennyBeeW.exe has been detected as a potentially unwanted program by 17 anti-malware scanners.
Product:
PennyBee

Version:
1.0.4.1

MD5:
4ecddc866034ae896e8ac871bac3d045

SHA-1:
b0cf0bb18a59020ed5c745a8afab1c579e4de99d

SHA-256:
e06e9804907aa38a7e85f0f7e2cea458d57938b250e938702188ddff15134482

Scanner detections:
17 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 5:18:46 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.Generic.11894194 | 852 |
| AVG | Generic5 | 2015.0.3330 |
| Baidu Antivirus | Adware.MSIL.Toolbar | 4.0.3.14105 |
| Bitdefender | Trojan.Generic.11894194 | 1.0.20.1390 |
| Emsisoft Anti-Malware | Trojan.Generic.11894194 | 8.14.10.05.05 |
| ESET NOD32 | MSIL/Toolbar.Linkury (variant) | 8.10515 |
| Fortinet FortiGate | Adware/Linkury | 10/5/2014 |
| F-Secure | Trojan.Generic.11894194 | 11.2014-05-10_1 |
| G Data | Trojan.Generic.11894194 | 14.10.24 |
| Kaspersky | not-a-virus:WebToolbar.MSIL.Agent | 14.0.0.3146 |
| McAfee | Artemis!4ECDDC866034 | 5600.6986 |
| Microsoft Security Essentials | Adware:Win32/PennyBee | 1.11005 |
| MicroWorld eScan | Trojan.Generic.11894194 | 15.0.0.834 |
| nProtect | Trojan.Generic.11894194 | 14.10.05.01 |
| Panda Antivirus | Trj/CI.A | 14.10.05.05 |
| Sophos | Generic PUA LA | 4.98 |
| Trend Micro House Call | TROJ_GEN.R0C1H01J214 | 7.2.278 |

File size:
393 KB (402,432 bytes)

Product version:
1.0.4.1

Copyright:
Copyright © 2014

Original file name:
PennyBeeW.exe

File type:
Executable application (Win32 EXE)

Language:
Turkish (Turkey)

Common path:
C:\Program Files\pennybee\pennybeew.exe

File PE Metadata
Compilation timestamp:
9/30/2014 11:59:49 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:ni1tXqoO4aBs/szMkJ3j0FfwcVzei3x+mZ:8zaBs/W7sf7Vqi3x+

Entry address:
0x5BBA2

Entry point:
FF, 25, B0, BB, 45, 00, 00, 00, 00, 00, 00, 00, 00, 00, 84, BB, 05, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 03, 00, 00, 00, 30, 00, 00, 80, 0E, 00, 00, 00, C0, 00, 00, 80, 10, 00...
 

Entropy:
5.9214

Code size:
359 KB (367,616 bytes)

The executing file has been seen to make the following network communications in live environments.

