» PennyBeeW.exe
Overview
Analysis
File Details
Network (18)

PennyBeeW.exe

StproW

Resoft Ltd

The application PennyBeeW.exe by Resoft has been detected as adware by 23 anti-malware scanners. While running, it connects to the Internet address server-52-85-33-44.mnl50.r.cloudfront.net on port 80 using the HTTP protocol.

File name:

PennyBeeW.exe

Publisher:

Resoft Ltd (signed and verified)

Product:

StproW

Version:

1.0.0.21896

MD5:

afc7c41fdab0b55f64edd1b26b672400

SHA-1:

e425d4db98e0f89df2cf6a49cc73e8982d2cc582

SHA-256:

4cec3d280f12c48229fb6dc48082d2d813bb560a136856d60a2cce85b68d21d7

Scanner detections:

23 / 68

Status:

Adware

Analysis date:

11/23/2024 2:21:18 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Adware.Generic.1250776

616

Agnitum Outpost

PUA.DealPly

7.1.1

AVG

Resoft

2016.0.3094

Baidu Antivirus

Adware.MSIL.Linkury

4.0.3.15530

Bitdefender

Adware.Generic.1250776

1.0.20.750

Bkav FE

W32.HfsAdware

1.3.0.6379

Dr.Web

Adware.Linkury.34

9.0.1.0150

Emsisoft Anti-Malware

Adware.Generic.1250776

8.15.05.30.05

ESET NOD32

MSIL/Toolbar.Linkury.M.gen potentially unwanted (variant)

9.11707

Fortinet FortiGate

Adware/DealPly

5/30/2015

F-Secure

Adware.Generic.1250776

11.2015-30-05_7

G Data

Adware.Generic.1250776

15.5.25

K7 AntiVirus

Adware

13.204.16076

Kaspersky

not-a-virus:HEUR:AdWare.MSIL.DealPly

14.0.0.1964

McAfee

Artemis!AFC7C41FDAB0

5600.6750

MicroWorld eScan

Adware.Generic.1250776

16.0.0.450

Panda Antivirus

Generic Suspicious

15.05.30.05

Qihoo 360 Security

Win32/Virus.Adware.fa2

1.0.0.1015

Reason Heuristics

PUP.Resoft

15.5.30.5

Sophos

Generic PUA OE

4.98

Trend Micro House Call

TROJ_GEN.R02KC0OEQ15

7.2.150

Trend Micro

TROJ_GEN.R02KC0OEQ15

10.465.30

VIPRE Antivirus

Trojan.Win32.Generic

40666

File size:

308.5 KB (315,920 bytes)

Product version:

1.0.16.0

Original file name:

PennyBeeW.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\Program Files\pennybee\pennybeew.exe

Digital Signature

Signed by:

Resoft Ltd

Authority:

COMODO CA Limited

Valid from:

7/27/2014 7:00:00 AM

Valid to:

7/28/2015 6:59:59 AM

Subject:

CN=Resoft Ltd, OU=514841295, O=Resoft Ltd, STREET=Shenkar 14, L=Hertzlya, S=TLV, PostalCode=4672514, C=IL

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00B62CA8A9ACC55E3B44E1AF28CC92345B

File PE Metadata

Compilation timestamp:

5/18/2015 5:26:45 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

6144:1lX6IIbNcEil3tGrV0aUja6DHFGeza3WKL:7X6zbN6lkGl2L

Entry address:

0x4C7EE

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, C0, 04, 00, 0C, 00, 00, 00, F0, 37, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

6.3638

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

298 KB (305,152 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to blob.am5prdstr07a.store.core.windows.net (13.95.96.184:80)

TCP (HTTP):

Connects to ec2-54-83-55-118.compute-1.amazonaws.com (54.83.55.118:80)

TCP (HTTP):

Connects to ocsp.comodoca.com (178.255.83.1:80)

TCP (HTTP):

Connects to a23-46-107-27.deploy.static.akamaitechnologies.com (23.46.107.27:80)

TCP (HTTP):

Connects to server-52-85-33-74.mnl50.r.cloudfront.net (52.85.33.74:80)

TCP (HTTP):

Connects to ec2-23-21-218-182.compute-1.amazonaws.com (23.21.218.182:80)

TCP (HTTP):

Connects to server-52-85-33-44.mnl50.r.cloudfront.net (52.85.33.44:80)

TCP (HTTP):

Connects to server-52-85-33-172.mnl50.r.cloudfront.net (52.85.33.172:80)

TCP (HTTP):

Connects to server-52-85-33-144.mnl50.r.cloudfront.net (52.85.33.144:80)

TCP (HTTP):

Connects to lu-in-f103.1e100.net (74.125.131.103:80)

TCP (HTTP):

Connects to lo-in-f94.1e100.net (173.194.222.94:80)

TCP (HTTP):

Connects to lo-in-f106.1e100.net (173.194.222.106:80)

TCP (HTTP):

Connects to lm-in-f147.1e100.net (173.194.221.147:80)

TCP (HTTP):

Connects to lk-in-f94.1e100.net (173.194.220.94:80)

TCP (HTTP):

Connects to lg-in-f105.1e100.net (64.233.165.105:80)

TCP (HTTP):

Connects to lf-in-f94.1e100.net (64.233.164.94:80)

TCP (HTTP):

Connects to le-in-f94.1e100.net (74.125.205.94:80)

TCP (HTTP):

Connects to ec2-107-20-201-241.compute-1.amazonaws.com (107.20.201.241:80)

Remove PennyBeeW.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.