PennyBeeW.exe

PennyBee

MY POP SHOP LTD

The application PennyBeeW.exe by MY POP SHOP has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address blob.am5prdstr07a.store.core.windows.net on port 80 using the HTTP protocol.
Publisher:
MY POP SHOP LTD  (signed and verified)

Product:
PennyBee

Version:
1.0.2.0

MD5:
ea5829a651dd50e7e1bbadc0375e6095

SHA-1:
bcab51166f3233f078c0909e0278df5b84546499

SHA-256:
181b5198e08fcc816f87cfd902e2d44430067c0dee06615d40e9ef50b03c4c75

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics we consider this file unwanted.

Analysis date:
11/23/2024 3:02:46 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.MYPOPSHOP.J

Engine version:
14.8.14.11

File size:
398 KB (407,560 bytes)

Product version:
1.0.2.0

Copyright:
Copyright © 2014

Original file name:
PennyBeeW.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\pennybee\pennybeew.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/22/2014 2:00:00 AM

Valid to:
7/23/2015 1:59:59 AM

Subject:
CN=MY POP SHOP LTD, O=MY POP SHOP LTD, STREET=14 Shenkar Arie, L=HERZLIYA, S=NA, PostalCode=46725, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
35094C1DF20178F98B53D36DE3005002

File PE Metadata
Compilation timestamp:
8/11/2014 4:10:57 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:xb1EkT7ly7sZknsyda34PucHfkcCPdcQTpj:Au7lws8vwC5HaPdcQ9j

Entry address:
0x5B3D6

Entry point:
FF, 25, E4, B3, 45, 00, 00, 00, 00, 00, 00, 00, 00, 00, B8, B3, 05, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 03, 00, 00, 00, 30, 00, 00, 80, 0E, 00, 00, 00, C0, 00, 00, 80, 10, 00, 00, 00, F0, 00, 00, 80, 18, 00, 00, 00, 20, 01, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 02, 00, 00, 00, 60, 00, 00, 80, 03, 00, 00, 00, 78, 00, 00, 80, 04, 00, 00, 00, 90, 00...

Code size:
357 KB (365,568 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to blob.am5prdstr07a.store.core.windows.net  (13.95.96.184:80)

TCP (HTTP):
Connects to ec2-54-85-97-42.compute-1.amazonaws.com  (54.85.97.42:80)

TCP (HTTP):
Connects to ec2-34-192-98-18.compute-1.amazonaws.com  (34.192.98.18:80)

TCP (HTTP):
Connects to a7.8c.adb8.ip4.static.sl-reverse.com  (184.173.140.167:80)

TCP (HTTP):
Connects to a2.8c.adb8.ip4.static.sl-reverse.com  (184.173.140.162:80)

TCP (HTTP):
Connects to ec2-23-21-218-182.compute-1.amazonaws.com  (23.21.218.182:80)

TCP (HTTP):
Connects to 174.127.72.240.static.midphase.com  (174.127.72.240:80)

TCP (HTTP):
Connects to 46.c8.c0ad.ip4.static.sl-reverse.com  (173.192.200.70:80)

TCP (HTTP):
Connects to vip0x007.map2.ssl.hwcdn.net  (209.197.3.7:80)

TCP (HTTP):
Connects to ec2-54-84-230-128.compute-1.amazonaws.com  (54.84.230.128:80)

TCP (HTTP):
Connects to ec2-54-243-37-92.compute-1.amazonaws.com  (54.243.37.92:80)

TCP (HTTP):
Connects to ec2-54-221-252-20.compute-1.amazonaws.com  (54.221.252.20:80)

TCP (HTTP):
Connects to eb.83.1732.ip4.static.sl-reverse.com  (50.23.131.235:80)

TCP (HTTP):
Connects to mbean.do  (107.170.66.153:80)

TCP (HTTP):
Connects to ec2-23-23-98-123.compute-1.amazonaws.com  (23.23.98.123:80)

TCP (HTTP):
Connects to ec2-176-34-114-58.eu-west-1.compute.amazonaws.com  (176.34.114.58:80)

Remove PennyBeeW.exe - Powered by Reason Core Security