SimpleMalwareProtector.exe

Simple Malware Protector

Vapc Lux Sarl

The application SimpleMalwareProtector.exe, “SimpleMalwareProtector” by Vapc Lux Sarl has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address cdn-87-248-221-253.par.llnw.net on port 80 using the HTTP protocol.
Publisher:
SimpleStar  (signed by Vapc Lux Sarl)

Product:
Simple Malware Protector

Description:
SimpleMalwareProtector

Version:
2.1.1000.21650

MD5:
00de0e290cb0ee337368807004df87ac

SHA-1:
8809c70672c8174e3ca3a6ea7491613484e8c35d

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/24/2024 3:58:46 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.SimpleStar (L)

Engine version:
16.10.17.22

File size:
6.4 MB (6,696,752 bytes)

Product version:
2.1.1000.21650

Copyright:
Copyright © SimpleStar 2016

Original file name:
SimpleMalwareProtector.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\simple malware protector\simplemalwareprotector.exe

Digital Signature
Signed by:
Vapc Lux Sarl

Authority:
GlobalSign nv-sa

Valid from:
2/12/2016 3:11:14 AM

Valid to:
2/11/2017 3:57:32 AM

Subject:
E=Ludovic.trogliero@vapc.lu, CN=Vapc Lux Sarl, O=Vapc Lux Sarl, L=Luxembourg, C=LU

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112130BA28CC6DC89090DD3923776478D67D

File PE Metadata
Compilation timestamp:
10/12/2016 10:06:19 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
49152:Wz5Owi5kxBOSutgxUR9i3v/W242Y4sCCgQzCfUe343FC+QEr434Rd7hvjRQnesT:C5+kxBOhgpHW2e1Cs1XQEr4veW

Entry address:
0x6599BE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 03, 00, 00, 00, 30, 00, 00, 80, 0E, 00, 00, 00, 68, 00, 00, 80, 10, 00, 00, 00, 80, 00, 00, 80, 18, 00, 00, 00, 98, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
6.3 MB (6,650,368 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-52-206-15-116.compute-1.amazonaws.com  (52.206.15.116:80)

TCP (HTTP):
Connects to cdn-87-248-207-254.arn.llnw.net  (87.248.207.254:80)

TCP (HTTP):
Connects to ec2-54-174-121-249.compute-1.amazonaws.com  (54.174.121.249:80)

TCP (HTTP):
Connects to cdn-87-248-221-253.par.llnw.net  (87.248.221.253:80)

TCP (HTTP):
Connects to ec2-34-194-231-165.compute-1.amazonaws.com  (34.194.231.165:80)

TCP (HTTP):
Connects to ec2-52-73-235-184.compute-1.amazonaws.com  (52.73.235.184:80)

TCP (HTTP):
Connects to cdn-87-248-207-253.arn.llnw.net  (87.248.207.253:80)

TCP (HTTP):
Connects to cds4.zrh.llnw.net  (193.247.42.38:80)

TCP (HTTP):
Connects to cdn-208-111-128-6.lga.llnw.net  (208.111.128.6:80)

TCP (HTTP):
Connects to cdn-208-111-128-7.lga.llnw.net  (208.111.128.7:80)

TCP (HTTP):
Connects to cdn-87-248-203-253.ams.llnw.net  (87.248.203.253:80)

TCP (HTTP):
Connects to cdn-87-248-221-254.par.llnw.net  (87.248.221.254:80)

TCP (HTTP):
Connects to cdn-87-248-203-254.ams.llnw.net  (87.248.203.254:80)

TCP (HTTP):
Connects to https-178-79-242-0.fra.llnw.net  (178.79.242.0:80)

TCP (HTTP):
Connects to cds7.zrh.llnw.net  (193.247.42.41:80)

TCP (HTTP):
Connects to cds6.zrh.llnw.net  (193.247.42.40:80)

TCP (HTTP):
Connects to cds2.zrh.llnw.net  (193.247.42.36:80)

TCP (HTTP):
Connects to cdn-208-111-168-6.ord.llnw.net  (208.111.168.6:80)

TCP (HTTP):
Connects to https-69-164-0-0.iad.llnw.net  (69.164.0.0:80)

TCP (HTTP):
Connects to https-69-28-164-0.dal.llnw.net  (69.28.164.0:80)

Remove SimpleMalwareProtector.exe - Powered by Reason Core Security