PennyBeeW.exe

PennyBeeW

The application PennyBeeW.exe has been detected as a potentially unwanted program by 10 anti-malware scanners.
Product:
PennyBeeW

Version:
1.0.6.0

MD5:
51c551e4aad4470700e4a0da67a25539

SHA-1:
ffd726771e29b5258c588ee8a1cfa774a182f78c

SHA-256:
6c9bba656bf378fde661ad6c3df8094b5a653ef55206b7d1e1ff7a89df6a27e7

Scanner detections:
10 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 2:14:29 AM UTC

Scan engine             Detection                         Engine version
Lavasoft Ad-Aware       Gen:Variant.Kazy.468568           801
avast!                  Win32:Dropper-gen [Drp]           2014.9-141126
Baidu Antivirus         PUA.MSIL.Linkury                  4.0.3.141126
Bitdefender             Gen:Variant.Kazy.468568           1.0.20.1650
Emsisoft Anti-Malware   Gen:Variant.Kazy.468568           8.14.11.26.06
ESET NOD32              MSIL/Toolbar.Linkury (variant)    8.10774
F-Secure                Gen:Variant.Kazy.468568           11.2014-26-11_4
G Data                  Gen:Variant.Kazy.468568           14.11.24
MicroWorld eScan        Gen:Variant.Kazy.468568           15.0.0.990
Qihoo 360 Security      HEUR/QVM03.0.Malware.Gen          1.0.0.1015

File size:
330 KB (337,920 bytes)

Product version:
1.0.6.0

Copyright:
Copyright © 2014

Original file name:
PennyBeeW.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\pennybee\pennybeew.exe

File PE Metadata
Compilation timestamp:
11/21/2014 2:33:55 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:NpkLdwZIJOyQ3VTx0aCPCLxQOP4ePAFUGf0VuaLDGM+vbI57:LcOySx0aCqLxjPAFUXuam67

Entry address:
0x4BFA6

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, B0, 04, 00, 0C, 00, 00, 00, A8, 3F, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
296 KB (303,104 bytes)

The executing file has been seen to make the following network communications in live environments.
