The file pi1vgjqw.exe by Orange Room Interactive has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The file has been seen being downloaded from int.cdn.hw.buccaneerweb.info and multiple other hosts.
MD5: b95fe4c1963eda8b361334ac80ba9b10
SHA-1: 581d90473174af489ca5d2a984bad20691505469
Scanner detections: 1 / 68
Status: Potentially unwanted
Analysis date: 12/23/2024 4:03:02 PM UTC
Scan engine: Reason Heuristics
Detection: Adware.OrangeRoom (M)
Engine version: 17.1.13.14
File size: 113.8 KB (116,488 bytes)
Common path: C:\users\{user}\appdata\local\temp\pi1vgjqw.exe.part
Authority: GoDaddy.com, Inc.
Valid from: 5/20/2016 2:21:38 AM
Valid to: 5/20/2017 2:21:38 AM
Subject: CN=Orange Room Interactive, O=Orange Room Interactive, L=San Francisco, S=California, C=US
Issuer: CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US
Serial number: 6807B9DA74814348
The file pi1vgjqw.exe has been seen being distributed by the following 50 URLs.
Latest 30 of 76 download URLs
The executing file has been seen to make the following network communications in live environments.