» richie_stephens_ft_general_degree_rock_me.mp3.exe
Overview
Analysis
File Details
Behaviors (1)
Downloads (54)
Network (1)

richie_stephens_ft_general_degree_rock_me.mp3.exe

VKontakte DJ

RECORD LLC

The application richie_stephens_ft_general_degree_rock_me.mp3.exe by RECORD has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘VkontakteDJ’. The file has been seen being downloaded from m.freemp3now.net and multiple other hosts. While running, it connects to the Internet address h1net188-64-172-90.h1host.ru on port 80 using the HTTP protocol.

File name:

Publisher:

RECORD LLC (signed and verified)

Product:

VKontakte DJ

Description:

VKDJ, Player

Version:

3.72.0.0

MD5:

ea588264ea4abe71fd1f7ee39def8d14

SHA-1:

08045c168daa6d5b07f130edb7988acb8e553305

SHA-256:

a3b43002713c882c64497b73fe3ccd3991accfed91161147f582dc5b83ee2649

Scanner detections:

1 / 68

Status:

Adware

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

11/27/2024 10:39:37 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.RECORD (M)

16.1.15.11

File size:

5 MB (5,256,888 bytes)

Product version:

3.72

Original file name:

VKontakte-DJ.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\richie_stephens_ft_general_degree_rock_me.mp3.exe

Digital Signature

Signed by:

RECORD LLC

Authority:

COMODO CA Limited

Valid from:

2/16/2015 4:00:00 PM

Valid to:

2/16/2018 3:59:59 PM

Subject:

CN=RECORD LLC, O=RECORD LLC, STREET="Kolomyazhsky 33, liter A", L=Saint-Petersburg, S=Saint-Petersburg, PostalCode=197341, C=RU

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

58EE01AAB8D97EDC88B98056655D1841

File PE Metadata

Compilation timestamp:

6/19/1992 3:22:17 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

98304:BkzSYKbxkoblQ4hHYpHa8rIE2Lb9gcQ5FRdzExYfcmeuvN2:azSYKGobRBYp68wbrQ5FbESknuV2

Entry address:

0x27CF24

Entry point:

55, 8B, EC, 83, C4, EC, 53, 56, 57, 33, C0, 89, 45, EC, B8, EC, C3, 67, 00, E8, A0, A9, D8, FF, 33, C0, 55, 68, EE, CF, 67, 00, 64, FF, 30, 64, 89, 20, E8, A9, EC, FF, FF, 33, C0, 55, 68, 96, CF, 67, 00, 64, FF, 30, 64, 89, 20, A1, 7C, 36, 69, 00, 8B, 00, E8, 43, 55, E0, FF, B9, 7C, 6C, 69, 00, A1, 7C, 36, 69, 00, 8B, 00, 8B, 15, A0, 3D, 64, 00, E8, 4C, 55, E0, FF, A1, 7C, 36, 69, 00, 8B, 00, E8, D4, 55, E0, FF, 33, C0, 5A, 59, 59, 64, 89, 10, EB, 30, E9, 91, 77, D8, FF, 01, 00, 00, 00, A4, 90, 40, 00, A7... 
[+]

Entropy:

7.3298

Developed / compiled with:

Microsoft Visual C++

Code size:

2.5 MB (2,605,568 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

VkontakteDJ

Command:

C:\users\{user}\downloads\richie_stephens_ft_general_degree_rock_me.mp3.exe \h

The file richie_stephens_ft_general_degree_rock_me.mp3.exe has been seen being distributed by the following 50 URLs.

http://m.freemp3now.net/.../djsc1.js?name=??????? - ?? ????? ??? ????? ?? ?????? ??????? ? ?? ???? ??????? - ???? ???? ??? ????

http://m.4musics.org/.../djsc1.js?name=Olsein Feat. Sofia - Lullaby Stranger (Original mix)

http://m.daimp3.org/.../djsc1.js?name=Minuet - Songbook Anna Magdalena Enh 114 Babies Go Bach

http://m.mp3sait.com/.../djsc1.js?name=Cristina Olteanu si Mugurasii Gorjului - Colaj cantece Olteanu

http://m.freemp3now.net/.../djsc1.js?name=Lian Ross feat. Eric Singleton - Fantasy (Eurodance - )

http://m.mp3parade.ru/.../djsc1.js?name=?????? - ??.?????????

http://m.mp3sait.com/.../djsc1.js?name= C?????? MP3: jah khalib - ?????????? ??????? ????? 2015 [ MP3???? ]

http://m.mp3parade.ru/.../djsc1.js?name=Lauryn Hill - Can't Take My Eyes Off of You

http://m.freemp3now.net/.../djsc1.js?name=????????? ????????? ? ???????? ???? - ?????????

http://m.4musics.org/.../djsc1.js?name=The Gazette - SHIVER (Black Butler Season 2 Opening)

http://m.mp3sait.com/.../djsc1.js?name=Dažadi izpilditaji - Popularas latviešu dziesmas

http://m.muz-info.org/.../djsc1.js?name=Various Artists - H.O.S.H. Feat. Malonda - What Do You Want Me To Say (Original Mix)

http://m.mp3sait.com/.../djsc1.js?name=DALIDA si SUSANU - DOAR IN OCHI CAND TE PRIVESC SUPER HIT MANELE 2014 CLIP OFFICIAL

http://m.daimp3.org/.../djsc1.js?name=Els Catarres - Seguirem lluitant (acords i lletra)

http://m.wasbur.com/.../djsc1.js?name=Kizomba Isabelle and Felicien *Asty - Curti ma mi

http://m.daimp3.org/.../djsc1.js?name=Kwabs - Walk (Download Zippy).mp3

http://m.mp3sait.com/.../djsc1.js?name=???????? - Georgian Legend - Samaia

http://m.mp3sait.com/.../djsc1.js?name=null - null

http://m.mp3-4-all.info/.../djsc1.js?name=??? ??????? - ?? ???? ??????? ?????? ????? ?????????, ????????, ????? ??? ???-?? ?????

http://m.rappro.ru/.../djsc1.js?name=???????? ????????, ?????? ????? - ????? ? ???? ???????? ??????????

http://m.freemp3now.net/.../djsc1.js?name=2AM (Jinwoon & Changmin) - Saying I Love You [Hotel King OST Part.2] [Eng sub Han Rom] 720p

http://m.daimp3.org/.../djsc1.js?name=Michael Woods ft Ester Dean - We've Only Just Begun (WestFunk & Steve Smart Club Mix)

http://m.mp3parade.ru/in/djsc1.js?name=Megadeth - Symphony of Destruction (VEVO Acoustic): ??????? MP3 ????? ????????? ??? ??????????? ? sms // mp3parade.ru

http://m.freemp3now.net/.../djsc1.js?name=??????? ??? ???? - ? ?????? ????? ?????

http://m.freemp3now.net/.../djsc1.js?name=Tanto Cielo Perdido - Sentimiento Musical Cumpliendo Sueños

http://m.freemp3now.net/.../djsc1.js?name=Pezet - Lojalnosc

http://m.rappro.ru/.../djsc1.js?name=null - null

http://m.dreamsets.com/.../djsc1.js?name=(???????) Natan Feat. DJ Kan - ????? ???? -

http://m.freemp3now.net/.../djsc1.js?name=?????? ??????? - ????? ???? ????? ?????? ????

http://m.4musics.org/.../djsc1.js?name=null - null

Latest 30 of 54 download URLs

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):

Connects to h1net188-64-172-90.h1host.ru (188.64.172.90:80)

Remove richie_stephens_ft_general_degree_rock_me.mp3.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.