» s631.exe
Overview
Analysis
File Details
Network (5)

s631.exe

V|I|XLII

VETAFORM DEVELOPMENTS S.L.

The application s631.exe by VETAFORM DEVELOPMENTS S.L has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address static.vnpt.vn on port 80 using the HTTP protocol.

File name:

s631.exe

Publisher:

Installer Setup (signed by VETAFORM DEVELOPMENTS S.L.)

Product:

V|I|XLII

Description:

Installer Setup

Version:

3.1.45

MD5:

53e75703c90df743d7971a7fa5c67ab3

SHA-1:

8121b52518046a3dddeb8546376b89107f5c7008

SHA-256:

03e212783378be152202decbae07a133d4a195bf6cc61dbd382dbedf7e7de478

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

11/23/2024 2:23:08 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.VETAFORMDEVELOPMENTS.Installer (M)

15.8.11.23

File size:

349.1 KB (357,456 bytes)

Product version:

3.1.45

Trademarks:

Installer Setup

Original file name:

manager.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\s631.exe

Digital Signature

Signed by:

VETAFORM DEVELOPMENTS S.L.

Authority:

Unizeto Technologies S.A.

Valid from:

3/9/2015 9:47:37 AM

Valid to:

3/8/2017 8:47:37 AM

Subject:

E=support@vetaformdev.com, CN=VETAFORM DEVELOPMENTS S.L., O=VETAFORM DEVELOPMENTS S.L., C=ES

Issuer:

CN=Certum Code Signing CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:

42F3D522047C48CAD717BCB89F5219DE

File PE Metadata

Compilation timestamp:

7/24/2015 4:22:28 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

6144:YrUtCmGuUPuTwOFdZaMuFp3Y/Fy/B/7wwp0J8JdY:YrTa8OFd1uFEF+ZNpvdY

Entry address:

0x552EE

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

5.9458

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

333 KB (340,992 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to static.vnpt.vn (113.171.230.42:80)

TCP (HTTP SSL):

Connects to ec2-52-5-146-97.compute-1.amazonaws.com (52.5.146.97:443)

TCP (HTTP):

Connects to ec2-107-23-73-216.compute-1.amazonaws.com (107.23.73.216:80)

TCP (HTTP):

Connects to a23-13-171-27.deploy.static.akamaitechnologies.com (23.13.171.27:80)

TCP (HTTP):

Connects to a23-13-165-163.deploy.static.akamaitechnologies.com (23.13.165.163:80)

Remove s631.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.