ruggerwheedertunengto.exe

Red Sky Sp. z o.o.

The application ruggerwheedertunengto.exe by Red Sky Sp. z o.o. has been flagged as a potentially unwanted program by 3 of 68 anti-malware scanners. The executable runs as a local Internet proxy server (the "LAN settings" proxy of the Windows Internet Settings) listening on 127.0.0.1 port 9880; once registered there, it is positioned to intercept and modify all inbound and outbound web traffic on the local host. The listener is bound to the loopback address, so it serves the local machine rather than the network. While running, it also connects to the Internet address cache.google.com on port 443.
Publisher:
Red Sky Sp. z o.o.  (signed and verified)

MD5:
454779c05d197488dfcb09bf3b48da12

SHA-1:
6f9c3002ff969e73868185a3aaf6d107499423df

SHA-256:
07e4f7b26581662fb014e6158e6325c55aa7430072ab14c30049128d67b62637

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
11/7/2024 6:16:44 PM UTC

Scan engine          Detection                            Engine version
Comodo Security      ApplicUnwnt                          19997
ESET NOD32           Win32/Adware.ObronaAds (variant)     8.10673
Reason Heuristics    PUP.Optional.RedSkySpzoo.V           14.11.5.10

File size:
4.2 MB (4,377,560 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\ruggerwheedertunengto\ruggerwheedertunengto.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
3/27/2014 8:00:00 PM

Valid to:
3/28/2015 7:59:59 PM
(The certificate had expired more than nine years before the 11/7/2024 analysis date. An Authenticode signature still verifies after expiry only when it carries a trusted timestamp countersignature from within the validity window; this page does not record whether one is present, so "signed and verified" above should be re-checked on the file itself.)

Subject:
CN=Red Sky Sp. z o.o., OU=Red Sky, O=Red Sky Sp. z o.o., POBox=71-064, STREET=Aleja Piastow 22, L=Szczecin, S=zachodniopomorskie, PostalCode=71-064, C=PL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00AF74AE06E658887C8B6B42539F3FA758

File PE Metadata
Compilation timestamp:
4/3/1998 12:11:32 AM  (not credible as a build date: the linker version recorded below, 2.24, is consistent with GNU ld from binutils 2.24, released December 2013, and the code-signing certificate was issued in March 2014; the PE TimeDateStamp is an unauthenticated header field that the builder can set to any value)

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.24

CTPH (ssdeep):
98304:LRntSzlYMqySW/ExsUlzkxSlELYTs9o36ln4zSPTnYc1:pchYMqySW/Exmx+cv4zScc1

Entry address:
0x14C0

Entry point:
83, EC, 0C, C7, 05, 24, 71, 82, 00, 01, 00, 00, 00, E8, 2E, 50, 05, 00, 83, C4, 0C, E9, A6, FC, FF, FF, 8D, B6, 00, 00, 00, 00, 83, EC, 0C, C7, 05, 24, 71, 82, 00, 00, 00, 00, 00, E8, 0E, 50, 05, 00, 83, C4, 0C, E9, 86, FC, FF, FF, 90, 90, 90, 90, 90, 90, 55, 89, E5, 56, 53, 83, EC, 10, 8B, 1D, 18, 93, 82, 00, C7, 04, 24, 00, 40, 47, 00, FF, D3, 89, C6, 83, EC, 04, 85, F6, B8, 60, C0, 45, 00, 74, 29, C7, 04, 24, 00, 40, 47, 00, FF, 15, 54, 93, 82, 00, 83, EC, 04, A3, 38, 70, 82, 00, C7, 44, 24, 04, 13, 40...

Entropy:
6.7732

Code size:
453 KB (463,872 bytes)
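The PE fields above can be cross-checked without tooling beyond the Python standard library. The following is an added example, not Reason Core's code and not the sample itself: a minimal PE32 header parser that reads the COFF timestamp, linker version, OS version, subsystem, entry-point RVA and code size, then tests the timestamp against an independent lower bound. The header bytes it parses are constructed to reproduce this page's values; the lower bound used, the December 2013 release of GNU binutils 2.24, is my assumption about what linker version 2.24 denotes.

```python
"""Minimal PE32 header triage (added example; constructed header, not the real file).

Parses the DOS stub, PE signature, COFF header and the leading fields of the
PE32 optional header, then checks the TimeDateStamp against a lower bound the
builder did not control (here: the release of the linker version recorded in
the same header).
"""
import struct
from datetime import datetime, timezone

SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}

# Assumption: linker version 2.24 in a PE means GNU ld from binutils 2.24,
# which shipped in December 2013.  Any build with that linker must postdate it.
BINUTILS_2_24_RELEASE = datetime(2013, 12, 2, tzinfo=timezone.utc)


def parse_pe_header(data: bytes) -> dict:
    """Return the COFF/optional-header fields this page lists. PE32 only."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]          # offset of "PE\0\0"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _symtab, _nsyms, opt_size, _chars = \
        struct.unpack_from("<HHIIIHH", data, coff)             # 20-byte COFF header
    opt = coff + 20
    magic, maj_ld, min_ld, size_of_code = struct.unpack_from("<HBBI", data, opt)
    if magic != 0x10B:
        raise ValueError(f"not a PE32 optional header (magic 0x{magic:X})")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]     # AddressOfEntryPoint
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    compiled = datetime.fromtimestamp(timestamp, tz=timezone.utc)
    return {
        "machine": machine,
        "sections": nsections,
        "timestamp": timestamp,
        "compiled": compiled.strftime("%Y-%m-%d %H:%M:%S UTC"),
        "linker": f"{maj_ld}.{min_ld}",
        "os_version": f"{os_major}.{os_minor}",
        "subsystem": SUBSYSTEMS.get(subsystem, f"unknown({subsystem})"),
        "entry_rva": entry_rva,
        "code_size": size_of_code,
    }


def timestamp_plausible(info: dict, not_before: datetime) -> bool:
    """True if the (attacker-controlled) TimeDateStamp is not earlier than a bound
    the attacker did not set.  A False result proves the field was altered or
    is otherwise meaningless; a True result proves nothing."""
    return info["timestamp"] >= int(not_before.timestamp())


def build_sample_header() -> bytes:
    """CONSTRUCTED header reproducing this page's PE metadata; not the sample."""
    ts = int(datetime(1998, 4, 3, 0, 11, 32, tzinfo=timezone.utc).timestamp())
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                    # e_lfanew: PE header follows stub
    coff = struct.pack("<HHIIIHH", 0x14C, 5, ts, 0, 0, 224, 0x010F)   # i386, PE32 opt-header size
    opt = bytearray(224)
    struct.pack_into("<HBBI", opt, 0, 0x10B, 2, 24, 463872)    # PE32 magic, ld 2.24, SizeOfCode
    struct.pack_into("<I", opt, 16, 0x14C0)                    # AddressOfEntryPoint
    struct.pack_into("<HH", opt, 40, 4, 0)                     # OS version 4.0
    struct.pack_into("<H", opt, 68, 2)                         # IMAGE_SUBSYSTEM_WINDOWS_GUI
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    info = parse_pe_header(build_sample_header())
    for k, v in info.items():
        print(f"{k:>12}: {v:#x}" if isinstance(v, int) and k != "timestamp" else f"{k:>12}: {v}")
    print("timestamp plausible vs linker release:",
          timestamp_plausible(info, BINUTILS_2_24_RELEASE))
```

Against this page's values the check returns False: a 1998 build date cannot have come from a linker released in 2013. Note that the linker version fields are just as editable as the timestamp, so the check detects inconsistency between fields, not forgery of either.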

Local Proxy Server
Proxy for:
Internet Settings (the per-user WinINet proxy configuration stored under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings and honoured by Internet Explorer and other WinINet-based applications)

Local host address:
http://127.0.0.1:9880/

Local host port:
9880

Default credentials:
No
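To confirm on a host whether this proxy is actually in effect, read the WinINet values the program registers in. The following is an added example, not Reason Core's or the publisher's code: a parser for the ProxyServer string format (a bare host:port, or semicolon-separated scheme=host:port entries) and a classifier that flags loopback proxies on port 9880. The live registry read is guarded so everything else runs offline; the sample settings are constructed, and the registry key path is the documented HKCU location for these values.

```python
"""Check the per-user WinINet proxy settings for a loopback proxy on port 9880
(added example; sample values are CONSTRUCTED, live read only on Windows)."""
import ipaddress
import sys

WININET_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings"


def _split_hostport(hp: str):
    """'host:port' -> (host, port); tolerates a 'scheme://' prefix and a missing port."""
    hp = hp.split("://", 1)[-1]
    host, sep, port = hp.rpartition(":")
    if not sep or not port.isdigit():
        return hp, None
    return host, int(port)


def parse_proxy_server(value: str) -> dict:
    """Parse a WinINet ProxyServer string into {scheme: (host, port)}.
    A bare 'host:port' applies to every scheme and is keyed '*'."""
    routes = {}
    for entry in value.split(";"):
        entry = entry.strip()
        if not entry:
            continue
        scheme, sep, hostport = entry.partition("=")
        if not sep:                       # bare host:port form
            scheme, hostport = "*", entry
        routes[scheme.lower()] = _split_hostport(hostport)
    return routes


def is_loopback(host: str) -> bool:
    h = host.strip("[]").lower()
    if h == "localhost":
        return True
    try:
        return ipaddress.ip_address(h).is_loopback
    except ValueError:                    # a hostname, not an address
        return False


def assess(proxy_enable: int, proxy_server: str, suspect_port: int = 9880) -> dict:
    """Which schemes go through a loopback proxy, and does any land on suspect_port?"""
    routes = parse_proxy_server(proxy_server) if proxy_enable else {}
    loopback = {s: hp for s, hp in routes.items() if is_loopback(hp[0])}
    return {
        "enabled": bool(proxy_enable),
        "loopback_schemes": sorted(loopback),
        "matches_suspect_port": any(p == suspect_port for _, p in loopback.values()),
    }


def read_live_settings():
    """ProxyEnable/ProxyServer from HKCU on Windows; None on other platforms."""
    if sys.platform != "win32":
        return None
    import winreg
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, WININET_KEY) as key:
        try:
            enable = winreg.QueryValueEx(key, "ProxyEnable")[0]
            server = winreg.QueryValueEx(key, "ProxyServer")[0]
        except FileNotFoundError:
            return 0, ""
    return enable, server


# Constructed sample settings (not captured from a real host).
SAMPLE_SETTINGS = [
    (1, "127.0.0.1:9880"),                                   # what this page describes
    (1, "http=127.0.0.1:9880;https=127.0.0.1:9880;ftp=proxy.corp.example:3128"),
    (0, "127.0.0.1:9880"),                                   # value left behind, proxy disabled
    (1, "proxy.corp.example:8080"),                          # ordinary corporate proxy
]

if __name__ == "__main__":
    live = read_live_settings()
    for enable, server in ([live] if live else SAMPLE_SETTINGS):
        print(f"ProxyEnable={enable} ProxyServer={server!r} -> {assess(enable, server)}")
```

The third sample case matters in practice: after a removal the ProxyServer string often survives with ProxyEnable reset to 0, which is still evidence of the earlier configuration even though traffic is no longer routed. Pair the check with `netstat -ano | findstr :9880` to confirm a live listener and map its PID back to the image path.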


The executing file has been seen to make the following network communications in live environments. Because the program proxies the host's web traffic, many of these destinations (Dropbox, Twitter, Google, Yahoo, MSN, Constant Contact) are most likely ordinary browser or application traffic relayed through it rather than connections the program initiates for itself; treat the list as observations from the sandbox, not as a curated indicator set.

Protocol          Destination host                              Address:port
TCP (HTTP)        ec2-54-208-30-101.compute-1.amazonaws.com     54.208.30.101:80
TCP               yk-in-f188.1e100.net                          74.125.196.188:5228
TCP (HTTP SSL)    www4.twitter.jp                               199.59.149.233:443
TCP (HTTP)        sjd-rd12-5c.sjc.dropbox.com                   108.160.167.167:80
TCP (HTTP)        sjd-ra1-4e.sjc.dropbox.com                    108.160.165.33:80
TCP (HTTP SSL)    r-199-59-150-46.twttr.com                     199.59.150.46:443
TCP (HTTP)        mx-out.skygamers.com                          195.122.153.104:80
TCP (HTTP SSL)    msnbot-65-55-252-43.search.msn.com            65.55.252.43:443
TCP (HTTP SSL)    yts2.yql.vip.gq1.yahoo.com                    206.190.37.99:443
TCP (HTTP SSL)    yk-in-f139.1e100.net                          74.125.196.139:443
TCP (HTTP SSL)    yh-in-f136.1e100.net                          74.125.137.136:443
TCP (HTTP SSL)    www2.twitter.jp                               199.59.149.201:443
TCP (HTTP SSL)    www.new-innov.com                             207.200.188.10:443
TCP               wi-in-f188.1e100.net                          173.194.67.188:5228
TCP (HTTP)        vip3.adcash.com                               72.52.178.205:80
TCP (HTTP SSL)    ui.constantcontact.com                        208.75.122.25:443
TCP (HTTP)        snt-re4-9a.sjc.dropbox.com                    108.160.163.109:80
TCP (HTTP)        sjd-rd12-3a.sjc.dropbox.com                   108.160.167.157:80
TCP (HTTP)        sjd-rc1-2a.sjc.dropbox.com                    108.160.165.173:80
TCP (HTTP)        sfo-mta-24.taggedmail.com                     67.221.174.24:80

Remove ruggerwheedertunengto.exe - Powered by Reason Core Security