SimpleMalwareProtector.exe

Simple Malware Protector

Vapc Lux Sarl

The application SimpleMalwareProtector.exe (“SimpleMalwareProtector”, by Vapc Lux Sarl) has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is registered as a scheduled task in the Windows Task Scheduler, triggered to run each time a user logs in. While running, it connects to the Internet address cdn-178-79-211-253.lon.llnw.net on port 80 over HTTP.
Publisher:
SimpleStar  (signed by Vapc Lux Sarl)

Product:
Simple Malware Protector

Description:
SimpleMalwareProtector

Version:
2.1.1000.21673

MD5:
bce11dd2db7a109a9ca9c558dd8d7edd

SHA-1:
2d429701410097c6fa05bcf683d775ca62af0b42

SHA-256:
7ba4d5b9c02585f5d94b8ae14efec3080bdf67207063882f515f5cdaebbd01c2

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/23/2024 10:02:04 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.SimpleStar (L)

Engine version:
17.1.7.2

File size:
6.4 MB (6,697,776 bytes)

Product version:
2.1.1000.21673

Copyright:
Copyright © SimpleStar 2016

Original file name:
SimpleMalwareProtector.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\simple malware protector\simplemalwareprotector.exe

Digital Signature
Signed by:
Vapc Lux Sarl
Authority:
GlobalSign nv-sa

Valid from:
2/11/2016 4:11:14 PM

Valid to:
2/10/2017 4:57:32 PM

Subject:
E=Ludovic.trogliero@vapc.lu, CN=Vapc Lux Sarl, O=Vapc Lux Sarl, L=Luxembourg, C=LU

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112130BA28CC6DC89090DD3923776478D67D

File PE Metadata
Compilation timestamp:
12/14/2016 10:07:11 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

Entry address:
0x659D2E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
6.3 MB (6,651,392 bytes)

Scheduled Task
Task name:
Simple Malware Protector_startup

Trigger:
Logon (Runs on logon)


The executing file has been seen to make the following network communications in live environments.


Remove SimpleMalwareProtector.exe - Powered by Reason Core Security