protectme.exe

The application protectme.exe has been detected as a potentially unwanted program by 6 anti-malware scanners. While running, it connects to the Internet address s525.c4.crucialx.net on port 80 using the HTTP protocol.
Publisher:
ProtectMe

Product:
ProtectMe.exe

Version:
2.3.0.3

MD5:
0f734546745d1c69b92f4681ca19ad3d

SHA-1:
42d2a87e376460e7897472f5156c88cdd1c21c51

SHA-256:
a8f1f494b471313a3e5065593c83dfd9b90d2bc370de312348570c3c89266a5a

Scanner detections:
6 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 11:38:10 PM UTC

Scan engine | Detection | Engine version
avast! | Win32:Dropper-gen [Drp] | 2014.9-141026
AVG | Generic5 | 2015.0.3310
Baidu Antivirus | Adware.Win32.Loadshop | 4.0.3.141026
ESET NOD32 | Win32/AdWare.Loadshop | 8.10609
McAfee | Artemis!0F734546745D | 5600.6966
NANO AntiVirus | Riskware.Win32.Loadshop.dgvoaq | 0.28.2.62841

File size:
1.3 MB (1,323,408 bytes)

Product version:
2.3.0.3

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\pctrunner\protectme.exe

File PE Metadata
Compilation timestamp:
10/9/2014 9:12:35 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
9.0

CTPH (ssdeep):
24576:GGi18TJSjTwG6Wg12DFcZENy9ybCIgv2I/kFJO1KK7TpllU95bqv/6TKuPQdDt9I:GG1TJSjb6+eyNMMCIgvyFk1n7Tpl+7wi

Entry address:
0x3755

Entropy:
7.9777  (probably packed)

Code size:
68.5 KB (70,144 bytes)

The executing file has been seen to make the following network communications in live environments.
