RosadinTV.exe

RosadinTV

The application RosadinTV.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Product:
RosadinTV

Version:
1.0.0.0

MD5:
a5b5d1f5d030267ffce5ca276ca98771

SHA-1:
796589de84569cc87dd94274ec8e955791d8388d

SHA-256:
c44168191335008b11e80b75f3f053b32c4f4fcd5a8a5b67e6cd9dd12a84e6b1

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 10:17:30 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Adware.Eorezo.RE (M)
16.8.19.18

File size:
3.8 MB (4,022,784 bytes)

Product version:
1.0.0.0

Trademarks:
RosadinTV

Original file name:
RosadinTV.exe

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\abreme\rosadintv.exe

File PE Metadata
Compilation timestamp:
8/19/2016 7:54:43 PM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
80.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
98304:gd3NrsQchvkndU+MA5jBbbBdO50SEp9bkfXaoid/V:4+Q/dU+MA5j1bq55zva3VV

Entry address:
0x3CD976

Entry point:
4D, 5A, 90, 00, 03, 00, 00, 00, 04, 00, 00, 00, FF, FF, 00, 00, B8, 00, 00, 00, 00, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 80, 00, 00, 00, 0E, 1F, BA, 0E, 00, B4, 09, CD, 21, B8, 01, 4C, CD, 21, 54, 68, 69, 73, 20, 70, 72, 6F, 67, 72, 61, 6D, 20, 63, 61, 6E, 6E, 6F, 74, 20, 62, 65, 20, 72, 75, 6E, 20, 69, 6E, 20, 44, 4F, 53, 20, 6D, 6F, 64, 65, 2E, 0D, 0D, 0A, 24, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Code size:
3.8 MB (3,979,776 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to srsfckn.biz  (148.251.137.227:443)

TCP (HTTP SSL):
Connects to upload-lb.codfw.wikimedia.org  (208.80.153.240:443)

TCP (HTTP SSL):
Connects to aries.uberspace.de  (95.143.172.170:443)

TCP (HTTP):
Connects to web.lyngsat.com  (91.203.41.124:80)

TCP (HTTP):
Connects to s104.ucoz.net  (213.174.157.134:80)

TCP (HTTP):
Connects to host1.worldkast.net  (67.215.182.40:80)

TCP (HTTP):
Connects to p3nlh199.shr.prod.phx3.secureserver.net  (97.74.215.38:80)

TCP (HTTP SSL):
Connects to s3-1-w.amazonaws.com  (52.216.224.184:443)

TCP (HTTP):
Connects to 174.170.196.104.bc.googleusercontent.com  (104.196.170.174:80)

TCP (HTTP):
Connects to 70.208.33.186.in-addr.arpa  (186.33.208.70:80)

TCP (HTTP):
Connects to 217-160-0-60.elastic-ssl.ui-r.com  (217.160.0.60:80)

TCP (HTTP):
Connects to srv212-28.hosting24.com  (212.1.212.28:80)

TCP (HTTP):
Connects to s3-us-west-2-w.amazonaws.com  (52.218.160.42:80)

TCP (HTTP):
Connects to ns3020979.ip-149-202-202.eu  (149.202.202.127:80)

TCP (HTTP SSL):
Connects to li1230-189.members.linode.com  (45.79.131.189:443)

TCP (HTTP):
Connects to lb03lon1.c2.opennemas.net  (139.59.189.36:80)

TCP (HTTP):
Connects to lb01ams2.c2.opennemas.net  (37.139.3.90:80)

TCP (HTTP):
Connects to ip-107-180-58-62.ip.secureserver.net  (107.180.58.62:80)

TCP (HTTP):
Connects to hosted-by.grupomedrano.org  (69.4.231.216:80)

TCP (HTTP):
Connects to enlacetpe.com.mx  (200.38.127.34:80)

Remove RosadinTV.exe - Powered by Reason Core Security