sentry_mba.exe

www.crackingcore.com

The application sentry_mba.exe is flagged as potentially unwanted by 14 of the 68 anti-malware scanners run against it. Only Avira's APPL/SentryMBA.A identifies the tool by name; the other hits are generic or reputation-based signatures (Trojan.GenericKD.2500605 is reported by seven products that share the same underlying detection engine, Arcabit's Trojan.Generic.D2627FD is that same ID written in hexadecimal, and McAfee's Artemis!, Kaspersky's UDS: and Qihoo's HEUR/QVM names are cloud or heuristic verdicts rather than a specific signature). While running, it connects to checkip-iad.dyndns.com on TCP port 80 over HTTP, a service that returns the caller's public IP address; the full set of observed connections is listed further down.
Publisher:
www.crackingcore.com

Description:
Sentry MBA

Version:
1.5.0

MD5:
b2067805b0e0f2035d30729c2ccefaaa

SHA-1:
115b79d1c1e8d3fd38b141891fdfafbd29f2e6ea

SHA-256:
94b1bb09a6df6732b6c5c13303cd081768b18dbce44b58eb507c73875a94adf2

Scanner detections:
14 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 4:22:01 AM UTC

Scan engine             Detection                                   Engine version
Lavasoft Ad-Aware       Trojan.GenericKD.2500605                    534
Avira AntiVirus         APPL/SentryMBA.A                            8.3.1.6
Arcabit                 Trojan.Generic.D2627FD                      1.0.0.425
Bitdefender             Trojan.GenericKD.2500605                    1.0.20.1155
Emsisoft Anti-Malware   Trojan.GenericKD.2500605                    8.15.08.19.03
F-Secure                Trojan.GenericKD.2500605                    11.2015-19-08_4
G Data                  Trojan.GenericKD.2500605                    15.8.25
IKARUS anti.virus       Trojan.SuspectCRC                           t3scan.1.9.5.0
Kaspersky               UDS:DangerousObject.Multi.Generic           14.0.0.1557
McAfee                  Artemis!B2067805B0E0                        5600.6668
MicroWorld eScan        Trojan.GenericKD.2500605                    16.0.0.693
nProtect                Trojan.GenericKD.2500605                    15.08.07.01
Qihoo 360 Security      HEUR/QVM05.1.Malware.Gen                    1.0.0.1015
Rising Antivirus        PE:Trojan.Win32.Generic.18C938CC!415840460  23.00.65.15817

File size:
5.5 MB (5,728,768 bytes)

Product version:
1.5.0

File type:
Executable application (Win32 EXE)

Language:
English (United States)

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:cD4ET113p6hnHcn84Ull604QqVwl+C9d/2/Wwrg7:cPzEhnHcn84Ull604QqVwlH9d/2eAg7

Entry address:
0x342F90

Entry point:
55, 8B, EC, 83, C4, F0, B8, F0, 23, 74, 00, E8, 74, 40, CC, FF, A1, 70, 11, 78, 00, 8B, 00, 8B, 40, 30, BA, 01, 00, 00, 00, E8, DC, F1, FF, FF, 84, C0, 75, 41, A1, 70, 11, 78, 00, 8B, 00, E8, 84, D0, D4, FF, A1, 70, 11, 78, 00, 8B, 00, BA, 08, 30, 74, 00, E8, 6B, CC, D4, FF, 8B, 0D, 64, 10, 78, 00, A1, 70, 11, 78, 00, 8B, 00, 8B, 15, 78, C0, 6A, 00, E8, 73, D0, D4, FF, A1, 70, 11, 78, 00, 8B, 00, E8, E7, D0, D4, FF, E8, 1E, 19, CC, FF, 00, 00, FF, FF, FF, FF, 03, 00, 00, 00, 4D, 42, 41, 00, 00, 00, 00, 00...

Entropy:
6.7336

Developed / compiled with:
Microsoft Visual C++ (as reported by the scanner's compiler heuristic; note that the linker version 2.25, the fixed 6/19/1992 compilation timestamp and the 55 8B EC 83 C4 F0 entry-point prologue are characteristic of Borland/Delphi-built executables, so this identification is unreliable and the timestamp should not be read as a real build date)

Code size:
3.3 MB (3,416,576 bytes)

The following network connections were observed from the file while it ran in live environments. Three of the destinations (checkip.dyndns.com, checkip-iad.dyndns.com, checkip-ams.dyndns.com) are external-IP lookup services, which a program queries to learn the public address its traffic leaves from; the last entry, to port 8000, was not identified as HTTP.

TCP (HTTP):
Connects to d4.2b.9905.ip4.static.sl-reverse.com  (5.153.43.212:80)

TCP (HTTP):
Connects to 2.3e.9905.ip4.static.sl-reverse.com  (5.153.62.2:80)

TCP (HTTP):
Connects to checkip-iad.dyndns.com  (216.146.38.70:80)

TCP (HTTP):
Connects to checkip.dyndns.com  (216.146.43.70:80)

TCP (HTTP):
Connects to checkip-ams.dyndns.com  (91.198.22.70:80)

TCP (HTTP SSL):
Connects to a23-211-129-221.deploy.static.akamaitechnologies.com  (23.211.129.221:443)

TCP:
Connects to ns395311.ip-5-135-139.eu  (5.135.139.195:8000)
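The hosts, IPs and ports above are usable directly as indicators. The following added example (not code from this report) matches them against constructed key=value endpoint log lines and adds one behavioural signal that a single indicator hit would not give: a process querying two or more distinct external-IP lookup services, as this sample does. That "egress-ip-probe" heuristic, the log format, and the host and process names in the sample lines are this example's own assumptions, not telemetry the report shows.

```python
"""Match the network indicators listed above against endpoint log lines.

Added example, not code from the report. The IOC tuples are the hosts, IPs and
ports the report lists; the log lines are constructed, and the 'egress-ip-probe'
signal (one process querying two or more external-IP lookup services) is this
example's own heuristic, not something the report asserts.
"""
import re
from collections import defaultdict

# (DNS name, IP, port) as listed in the report above.
REPORT_IOCS = [
    ("d4.2b.9905.ip4.static.sl-reverse.com", "5.153.43.212", 80),
    ("2.3e.9905.ip4.static.sl-reverse.com", "5.153.62.2", 80),
    ("checkip-iad.dyndns.com", "216.146.38.70", 80),
    ("checkip.dyndns.com", "216.146.43.70", 80),
    ("checkip-ams.dyndns.com", "91.198.22.70", 80),
    ("a23-211-129-221.deploy.static.akamaitechnologies.com", "23.211.129.221", 443),
    ("ns395311.ip-5-135-139.eu", "5.135.139.195", 8000),
]
IOC_ENDPOINTS = {(ip, port) for _, ip, port in REPORT_IOCS}
IOC_HOSTS = {host for host, _, _ in REPORT_IOCS}
IP_CHECK_HOSTS = {host for host in IOC_HOSTS if host.startswith("checkip")}

# Constructed key=value endpoint telemetry; not real log data.
SAMPLE_LOG = """\
ts=2024-11-27T04:22:03Z host=WS01 proc=sentry_mba.exe dst=216.146.43.70 dport=80 dns=checkip.dyndns.com
ts=2024-11-27T04:22:04Z host=WS01 proc=sentry_mba.exe dst=91.198.22.70 dport=80 dns=checkip-ams.dyndns.com
ts=2024-11-27T04:22:05Z host=WS01 proc=sentry_mba.exe dst=5.135.139.195 dport=8000 dns=ns395311.ip-5-135-139.eu
ts=2024-11-27T04:22:06Z host=WS01 proc=chrome.exe dst=142.250.74.46 dport=443 dns=www.google.com
ts=2024-11-27T04:22:07Z host=WS02 proc=updater.exe dst=216.146.38.70 dport=80 dns=checkip-iad.dyndns.com
"""

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line: str) -> dict:
    """Split a key=value log line into a dict; lines without pairs give {}."""
    return dict(KV_RE.findall(line))


def analyse(log_text: str) -> dict:
    """Return {(host, process): sorted tags} for every process that touched a
    listed indicator. Tags are 'ioc:<name>:<port>' per distinct endpoint hit
    and 'egress-ip-probe' when >= 2 distinct IP-check services were queried."""
    tags = defaultdict(set)
    ip_checks = defaultdict(set)
    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if not {"host", "proc", "dst", "dport"} <= ev.keys():
            continue                                  # malformed line: skip, do not crash
        key = (ev["host"], ev["proc"])
        endpoint = (ev["dst"], int(ev["dport"]))
        name = ev.get("dns", ev["dst"])               # fall back to the IP when no DNS name
        if endpoint in IOC_ENDPOINTS or name in IOC_HOSTS:
            tags[key].add(f"ioc:{name}:{endpoint[1]}")
        if name in IP_CHECK_HOSTS:
            ip_checks[key].add(name)
    for key, hosts in ip_checks.items():
        if len(hosts) >= 2:
            tags[key].add("egress-ip-probe")
    return {key: sorted(t) for key, t in tags.items()}


if __name__ == "__main__":
    for (host, proc), found in analyse(SAMPLE_LOG).items():
        print(f"{host} {proc}: {', '.join(found)}")
```

Matching on both (IP, port) and DNS name matters here: the sl-reverse.com and akamaitechnologies.com names are generic reverse-DNS labels for hosting ranges, so the IP:port pair is the stronger key for those, while the checkip hosts are stable names whose IPs can change.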

Remove sentry_mba.exe - Powered by Reason Core Security