pirritdesktop.exe

Zugara Investments Limited

The application pirritdesktop.exe by Zugara Investments Limited has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Zugara Investments Limited  (signed and verified)

MD5:
33e1f4d1ba2c558bab72959eb3706c32

SHA-1:
a0bd9b2b9b826879f3047084ad5e5044695531ff

SHA-256:
461635527e2b53170c44cdc1e8957f5c2c2b13f561c82efb806ca8d9040af4a5

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
12/27/2024 5:13:39 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.ZugaraInvestmentsLimited.N

Engine version:
14.8.7.23

File size:
186.3 KB (190,808 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\pirritsuggestor\pirritdesktop.exe

Digital Signature
Authority:
DigiCert Inc

Valid from:
6/7/2013 4:00:00 AM

Valid to:
6/9/2014 4:00:00 PM

Subject:
CN=Zugara Investments Limited, O=Zugara Investments Limited, L=Larnaca, C=CY

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0E69C9D3F6F493CFDD35EE66D63A5D96

File PE Metadata
Compilation timestamp:
2/14/2014 3:12:27 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:Woo9JBjZz4L14+jxE55VHZa2JRiIU2kOoaV8HfsGj7:WoMJRqJ4+NqZa2WIxkOoaVcRj7

Entry address:
0x1A699

Entry point:
E8, A5, 04, 00, 00, E9, 63, FD, FF, FF, CC, FF, 25, 0C, F1, 41, 00, FF, 25, 00, F1, 41, 00, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, B8, A3, 42, 00, 89, 0D, B4, A3, 42, 00, 89, 15, B0, A3, 42, 00, 89, 1D, AC, A3, 42, 00, 89, 35, A8, A3, 42, 00, 89, 3D, A4, A3, 42, 00, 66, 8C, 15, D0, A3, 42, 00, 66, 8C, 0D, C4, A3, 42, 00, 66, 8C, 1D, A0, A3, 42, 00, 66, 8C, 05, 9C, A3, 42, 00, 66, 8C, 25, 98, A3, 42, 00, 66, 8C, 2D, 94, A3, 42, 00, 9C, 8F, 05, C8, A3, 42, 00, 8B, 45, 00, A3, BC, A3, 42, 00, 8B, 45...
 

Code size:
118 KB (120,832 bytes)

The executing file has been seen to make the following network communications in live environments.

