s631.exe

V|I|XLII

VETAFORM DEVELOPMENTS S.L.

The application s631.exe by VETAFORM DEVELOPMENTS S.L. has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address static.vnpt.vn on port 80 using the HTTP protocol.
Publisher:
Installer Setup  (signed by VETAFORM DEVELOPMENTS S.L.)

Product:
V|I|XLII

Description:
Installer Setup

Version:
3.1.45

MD5:
53e75703c90df743d7971a7fa5c67ab3

SHA-1:
8121b52518046a3dddeb8546376b89107f5c7008

SHA-256:
03e212783378be152202decbae07a133d4a195bf6cc61dbd382dbedf7e7de478

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/25/2024 1:32:45 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.VETAFORMDEVELOPMENTS.Installer (M)

Engine version:
15.8.11.23

File size:
349.1 KB (357,456 bytes)

Product version:
3.1.45

Copyright:
2011 - 2015 © All Rights Reserved

Trademarks:
Installer Setup

Original file name:
manager.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\s631.exe

Digital Signature
Authority:
Unizeto Technologies S.A.

Valid from:
3/9/2015 9:47:37 AM

Valid to:
3/8/2017 8:47:37 AM

Subject:
E=support@vetaformdev.com, CN=VETAFORM DEVELOPMENTS S.L., O=VETAFORM DEVELOPMENTS S.L., C=ES

Issuer:
CN=Certum Code Signing CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

Serial number:
42F3D522047C48CAD717BCB89F5219DE

File PE Metadata
Compilation timestamp:
7/24/2015 4:22:28 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:YrUtCmGuUPuTwOFdZaMuFp3Y/Fy/B/7wwp0J8JdY:YrTa8OFd1uFEF+ZNpvdY

Entry address:
0x552EE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
5.9458

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
333 KB (340,992 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to static.vnpt.vn  (113.171.230.42:80)

TCP (HTTP SSL):
Connects to ec2-52-5-146-97.compute-1.amazonaws.com  (52.5.146.97:443)

TCP (HTTP):
Connects to ec2-107-23-73-216.compute-1.amazonaws.com  (107.23.73.216:80)

TCP (HTTP):

TCP (HTTP):
Connects to a23-13-165-163.deploy.static.akamaitechnologies.com  (23.13.165.163:80)
