photomania.exe

Trionity Web Services LTD

The application photomania.exe by Trionity Web Services has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program PhotoMania by ICARUS. While running, it connects to the Internet address edge-star-shv-02-mia1.facebook.com on port 443.
Publisher:
Trionity Web Services LTD (signed and verified)

MD5:
dedf0442ea7e11b2a891fab2b8bcde65

SHA-1:
4e601c98620b555743faa4315a777ba4f49567c2

SHA-256:
a490901742e055025d9a15d2bf3d925af12c895e9514ed6de9c5fc52de5d6e62

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/5/2024 11:45:35 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.TrionityWebServices.K

Engine version:
14.9.26.13

File size:
481.6 KB (493,208 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\photomania\photomania.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
10/17/2012 8:00:00 PM

Valid to:
10/18/2013 7:59:59 PM

Subject:
CN=Trionity Web Services LTD, O=Trionity Web Services LTD, L=Tel Aviv-Jaffa, S=ISRAEL, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
089EC6DB2E1E1FCBC9B2C39672477C07

File PE Metadata
Compilation timestamp:
8/5/2012 1:25:58 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:P1KJPkxwA4gAAZ8Iz3gW1Vfdob7f8t806okn:PuPk5P8ih1Jdo3f8tan

Entry address:
0x29905

Entry point:
E8, 05, 4A, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, A3, 58, 5A, 44, 00, 5D, C3, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A1, 78, 42, 44, 00, 33, C5, 89, 45, FC, 53, 8B, 5D, 08, 57, 83, FB, FF, 74, 07, 53, E8, 67, 4A, 00, 00, 59, 83, A5, E0, FC, FF, FF, 00, 6A, 4C, 8D, 85, E4, FC, FF, FF, 6A, 00, 50, E8, 25, 09, 00, 00, 8D, 85, E0, FC, FF, FF, 89, 85, D8, FC, FF, FF, 8D, 85, 30, FD, FF, FF, 83, C4, 0C, 89, 85, DC, FC, FF, FF, 89, 85, E0, FD, FF, FF, 89, 8D, DC, FD, FF, FF, 89, 95, D8...

Entropy:
6.5187

Code size:
236 KB (241,664 bytes)

The file photomania.exe has been discovered within the following program.

PhotoMania by ICARUS
www.photomania.com
About 8% of users remove it

The executing file has been seen to make the following network communications in live environments.


Remove photomania.exe - Powered by Reason Core Security