SimpleStarSmartMonitor.exe

SimpleStar Smart Monitor

Vapc Lux Sarl

The application SimpleStarSmartMonitor.exe by Vapc Lux Sarl has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
SimpleStar  (signed by Vapc Lux Sarl)

Product:
SimpleStar Smart Monitor

Version:
1,1,2,14

MD5:
d2ede04d4cd8d98c005f7ed762d02618

SHA-1:
67b7ce012c9825a402d0a99f38ec73e821e08d97

SHA-256:
360c433cf84fd8921410f7adb6be8e90f71ee55993e7eb1c5605eb294b3bb276

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/23/2024 10:31:37 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.SimpleStar (L)

Engine version:
16.10.17.22

File size:
2 MB (2,046,936 bytes)

Product version:
1.1.2.14

Copyright:
Copyright (c) 2016 SimpleStar. All Rights Reserved.

Original file name:
SimpleStarSmartMonitor.exe

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\Program Files\simplestar smart monitor\simplestarsmartmonitor.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
2/11/2016 4:11:14 PM

Valid to:
2/10/2017 4:57:32 PM

Subject:
E=Ludovic.trogliero@vapc.lu, CN=Vapc Lux Sarl, O=Vapc Lux Sarl, L=Luxembourg, C=LU

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112130BA28CC6DC89090DD3923776478D67D

File PE Metadata
Compilation timestamp:
8/16/2016 2:40:21 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:XJCCAJqlM2c0KvkRRQGupm+MIDY8DwYZWV8N44lAxO+ftNRPVnHIUzO/Lnh:XoCAWMR0KMQGoDMIDsV8O4lAxjfHVu

Entry address:
0xC3ED0

Entry point:
48, 83, EC, 28, E8, 4B, 04, 00, 00, 48, 83, C4, 28, E9, 26, FD, FF, FF, FF, 25, 00, E0, 03, 00, 48, 8B, C4, 48, 89, 58, 08, 48, 89, 68, 10, 48, 89, 70, 18, 48, 89, 78, 20, 41, 54, 48, 83, EC, 20, 4D, 8B, 51, 38, 48, 8B, F2, 4D, 8B, E0, 41, 8B, 02, 48, 8B, E9, 49, 8B, D1, 48, 03, C0, 48, 8B, CE, 49, 8B, F9, 49, 8D, 5C, C2, 04, 4C, 8B, C3, E8, 22, F9, FF, FF, 44, 8B, 1B, 44, 8B, 55, 04, 41, 8B, C3, 41, 83, E3, 02, BA, 01, 00, 00, 00, 23, C2, 41, 80, E2, 66, 44, 0F, 44, D8, 45, 85, DB, 74, 13, 4C, 8B, CF, 4D...

Code size:
1023 KB (1,047,552 bytes)

The executing file has been seen to make the following network communications in live environments.

