pplauncher.exe

Asiasoft Online Pte Ltd

The application pplauncher.exe by Asiasoft Online Pte has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address xx-fbcdn-shv-01-hkg3.fbcdn.net on port 443.
Publisher:
Asiasoft Online Pte Ltd  (signed and verified)

MD5:
c0f60b981ea78252d72724d7f2c23973

SHA-1:
bec002ae62b1cff5e0bec4dd04cf5b752894684c

SHA-256:
929d40ee9cd39b85eb1cc44d4ca7db3c3ff2d33f37b80e8c0c061290cc44e1fd

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/15/2024 10:31:52 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.AsiasoftOnlinePte (M)

Engine version:
15.6.27.15

File size:
1 MB (1,088,328 bytes)

File type:
Executable application (Win32 EXE)

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
2/25/2013 3:16:07 PM

Valid to:
2/25/2016 3:16:07 PM

Subject:
CN=Asiasoft Online Pte Ltd, O=Asiasoft Online Pte Ltd, L=singapore, S=singapore, C=SG

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2781904484C928

File PE Metadata
Compilation timestamp:
11/20/2012 11:29:57 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:SJgjAOQNmhc2D438/HDQhc6CSsz5Cn6Tz+qxN1:GiAONDR8sd46Tp1

Entry address:
0x662BB

Entry point:
E9, 50, 99, 06, 00, E9, EB, D5, 03, 00, E9, 26, CB, 07, 00, E9, 01, EB, 01, 00, E9, 9C, 57, 03, 00, E9, F7, 31, 01, 00, E9, 42, 25, 01, 00, E9, 97, EA, 0B, 00, E9, B8, ED, 02, 00, E9, 23, 8F, 01, 00, E9, BE, 33, 0A, 00, E9, 29, CF, 08, 00, E9, 34, 02, 01, 00, E9, BF, A6, 06, 00, E9, 1A, 9F, 02, 00, E9, 75, AB, 03, 00, E9, C6, E8, 0B, 00, E9, EB, 05, 0B, 00, E9, 56, 39, 04, 00, E9, 01, 34, 01, 00, E9, 6C, 1C, 03, 00, E9, C7, 41, 04, 00, E9, 62, F3, 05, 00, E9, CD, 38, 04, 00, E9, C8, 67, 01, 00, E9, E3, A4...

Entropy:
5.7154

Developed / compiled with:
Microsoft Visual C++ 8.0 (Debug)

Code size:
834.5 KB (854,528 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-01-hkg3.fbcdn.net  (31.13.95.12:443)

TCP (HTTP):
Connects to static.vnpt.vn  (203.162.153.55:80)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-hkg3.facebook.com  (31.13.95.36:443)

TCP (HTTP SSL):
Connects to edge-atlas-shv-01-hkg3.facebook.com  (31.13.95.2:443)
