PennyBeeW.exe

Starter

MY POP SHOP LTD

The application PennyBeeW.exe by MY POP SHOP has been detected as adware by 2 anti-malware scanners. While running, it connects to the Internet address mx-ll-110.164.10-30.static.3bb.co.th on port 80 using the HTTP protocol.
Publisher:
MY POP SHOP LTD  (signed and verified)

Product:
Starter

Version:
1.0.1.0

MD5:
3868a72bd484026c0eb60679a387a284

SHA-1:
df944d947dcb7b1f165a192284f5f204ed05d7c7

SHA-256:
90fbe3c4e318a58ab3114200e7adc60293e353802de315aa7e3869521ec2b3e4

Scanner detections:
2 / 68

Status:
Adware

Analysis date:
11/23/2024 11:09:33 AM UTC

Scan engine          Detection          Engine version
Reason Heuristics    PUP.MYPOPSHOP.J    14.8.8.0
VIPRE Antivirus      Threat.4783962     31208

File size:
65.9 KB (67,456 bytes)

Product version:
1.0.1.0

Copyright:
Copyright © 2014

Original file name:
PennyBeeW.exe

File type:
Executable application (Win64 EXE)

Common path:
C:\Program Files\pennybee\pennybeew.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/6/2014 8:00:00 PM

Valid to:
7/7/2015 7:59:59 PM

Subject:
CN=MY POP SHOP LTD, O=MY POP SHOP LTD, STREET=14 Shenkar Arie, L=HERZLIYA, S=NA, PostalCode=46725, C=IL

Serial number:
4A7D93FD75281A37A4ADCDCD636D3ADB

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
768:L8Dy7lP9+aFxXDoUvsmau93AZ41p7oa/Gd5auNc1rL+zfm:L8GdZXDoUUmau93AZ41Fnc0S8ezO

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 03, 00, 00, 00, 30, 00, 00, 80, 0E, 00, 00, 00, 60, 00, 00, 80, 10, 00, 00, 00, 78, 00, 00, 80, 18, 00, 00, 00, 90, 00...
 

The executing file has been seen to make the following network communications in live environments.

