PennyBeeW.exe

StproW

Resoft Ltd

The application PennyBeeW.exe by Resoft has been detected as adware by 23 anti-malware scanners. While running, it connects to the Internet address server-52-85-33-44.mnl50.r.cloudfront.net on port 80 using the HTTP protocol.
Publisher:
Resoft Ltd  (signed and verified)

Product:
StproW

Version:
1.0.0.21896

MD5:
afc7c41fdab0b55f64edd1b26b672400

SHA-1:
e425d4db98e0f89df2cf6a49cc73e8982d2cc582

SHA-256:
4cec3d280f12c48229fb6dc48082d2d813bb560a136856d60a2cce85b68d21d7

Scanner detections:
23 / 68

Status:
Adware

Analysis date:
12/24/2024 4:25:07 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Adware.Generic.1250776 | 616 |
| Agnitum Outpost | PUA.DealPly | 7.1.1 |
| AVG | Resoft | 2016.0.3094 |
| Baidu Antivirus | Adware.MSIL.Linkury | 4.0.3.15530 |
| Bitdefender | Adware.Generic.1250776 | 1.0.20.750 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Dr.Web | Adware.Linkury.34 | 9.0.1.0150 |
| Emsisoft Anti-Malware | Adware.Generic.1250776 | 8.15.05.30.05 |
| ESET NOD32 | MSIL/Toolbar.Linkury.M.gen potentially unwanted (variant) | 9.11707 |
| Fortinet FortiGate | Adware/DealPly | 5/30/2015 |
| F-Secure | Adware.Generic.1250776 | 11.2015-30-05_7 |
| G Data | Adware.Generic.1250776 | 15.5.25 |
| K7 AntiVirus | Adware | 13.204.16076 |
| Kaspersky | not-a-virus:HEUR:AdWare.MSIL.DealPly | 14.0.0.1964 |
| McAfee | Artemis!AFC7C41FDAB0 | 5600.6750 |
| MicroWorld eScan | Adware.Generic.1250776 | 16.0.0.450 |
| Panda Antivirus | Generic Suspicious | 15.05.30.05 |
| Qihoo 360 Security | Win32/Virus.Adware.fa2 | 1.0.0.1015 |
| Reason Heuristics | PUP.Resoft | 15.5.30.5 |
| Sophos | Generic PUA OE | 4.98 |
| Trend Micro House Call | TROJ_GEN.R02KC0OEQ15 | 7.2.150 |
| Trend Micro | TROJ_GEN.R02KC0OEQ15 | 10.465.30 |
| VIPRE Antivirus | Trojan.Win32.Generic | 40666 |

File size:
308.5 KB (315,920 bytes)

Product version:
1.0.16.0

Copyright:
Copyright © 2014

Original file name:
PennyBeeW.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\pennybee\pennybeew.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/27/2014 7:00:00 AM

Valid to:
7/28/2015 6:59:59 AM

Subject:
CN=Resoft Ltd, OU=514841295, O=Resoft Ltd, STREET=Shenkar 14, L=Hertzlya, S=TLV, PostalCode=4672514, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00B62CA8A9ACC55E3B44E1AF28CC92345B

File PE Metadata
Compilation timestamp:
5/18/2015 5:26:45 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:1lX6IIbNcEil3tGrV0aUja6DHFGeza3WKL:7X6zbN6lkGl2L

Entry address:
0x4C7EE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, C0, 04, 00, 0C, 00, 00, 00, F0, 37, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
6.3638

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
298 KB (305,152 bytes)

The executing file has been seen to make the following network communications in live environments.

