» songr.exe
Overview
Analysis
File Details
Downloads (14)

songr.exe

The application songr.exe has been detected as a potentially unwanted program by 3 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from www.vaultflashapplication.com and multiple other hosts.

File name:

songr.exe

MD5:

b7f3378930a0bc9ba4844a9795b49f33

SHA-1:

dbd035f92b562f534a326203f5a83c7dd43d7f19

SHA-256:

490abeec4fdd9d315026078e6e2e98ae5990cfb32dc103cbd8e1e6cd97f2ebe6

Scanner detections:

3 / 68

Status:

Potentially unwanted

Analysis date:

11/27/2024 5:18:07 AM UTC (today)

Scan engine

Detection

Engine version

ESET NOD32

Win32/WebDevAZ.C potentially unwanted application

7.0.302.0

Reason Heuristics

PUP.WebDev.ET (M)

16.12.9.10

Trend Micro House Call

TROJ_GEN.F47V0903

7.2.7

File size:

5.8 MB (6,089,626 bytes)

File type:

Executable application (Win64 EXE)

Common path:

C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\songr.exe

File PE Metadata

OS bitness:

Win64

CTPH (ssdeep):

98304:77GMgh0uiwv45VDanrNnkDUiRzWWfcMT5vxNSWw4oZxTLrZ:7yh0IGV2n5FiRzFrT5vxcWw9bTnZ

Entry point:

50, 4B, 03, 04, 14, 00, 00, 00, 08, 00, E3, 9B, 01, 43, 25, F4, 16, 3C, E4, EA, 5C, 00, 4B, 37, 5D, 00, 18, 00, 00, 00, 53, 6F, 6E, 67, 72, 5F, 32, 5F, 30, 5F, 32, 31, 31, 31, 5F, 53, 65, 74, 75, 70, 2E, 65, 78, 65, EC, 5C, 7F, 7C, 53, 57, 15, 7F, F9, D5, A6, 6D, 42, 52, 68, B7, 32, 5A, 28, B4, 20, 5A, 40, 58, 28, A3, 4B, 0B, 29, 6B, 00, DD, CA, D2, 85, 26, B0, B5, 30, 1D, 60, 78, CE, AD, C0, 7B, 8C, 29, 85, D6, B4, DA, F4, D1, 89, CA, 74, EA, D4, D5, A2, A2, CE, 0F, A8, 73, 76, CA, 4A, 0B, 5B, 5B, 26, DB... 
[+]

The file songr.exe has been seen being distributed by the following 14 URLs.

http://www.vaultflashapplication.com/mAvmHcxHha0kck85AnIO38 lv h fnxjtrgK0XZXdI_LAfZrWvN8Ebi0XoZuJDVRvjrbYaJCyuBTKUL99CCd5EDU9vFFdismJLOHNtuNkzLVevDDzx47wp7_oomRbDeH22XDKRXDrdTmZRIuxKSUn3kJ0C373VnEOh83mYRBaSOaZyB67Dc P3dZixokUiK5kZHibHcd-Ow==

http://www.vaultflashapplication.com/_UKO3_VHEgZtMsHaGpQrgtCP7J1Ah6bqgE9WnLf8AYW_r6Y1PF2fI4oAot8B6ifGTDRI xvHOaKUXul203W325uDld5OqExv3K2Fni0b_DYNGOUFWSpFew J4sVQPIBZfgqxVB4GA3EtFK4QTg48x8XUys8hvRzK97O_JmG18ljNAiTZ_NeHCWnQdkOKdJSJ5sBg5pGv-Ow==

http://www.ranchsignbundle.com/c?x=mpOlnqQhxclT8gh6/TXtOLOK cyuftZ59mYSsbuiI2w=&c=Lb96kF8QdHIXWRyMTDD3dQPZZVkJBeV83IfanFPNOGan8XEra5yxt/9CDLcE96qqKA687709W3pY/.../404

http://www.ranchsignbundle.com/8g5xoa7q64kIikKRzgs2qvJCrqVA9xpNul72ksIDyrsEDN5W34bAlGpz0R0TwpBTLb8hBfKNEh46IeduYOON3W4Xaj3cBH0HZDprSeYquVNyb78MfWlowssqN18TuvJ3ccuRI3T548lIdUUmVcpcKSwebIA1_U9X2mMXaq2ru_PxijHh05A=-Ow==

http://www.ranchsignbundle.com/c?x=6knyf6jjntliyNW8pWB/5VWYCP/fIbqRkPHRDSQC7cU=&c=O sUTGvuRGWpMcVFF4MsELW/IGYunAoPWsrba8aLPRHbIUsUz5ROrtVK4knoGdq8B23pa9CE3YhSfaevE581qd3dIRuKVsEjLLg/.../404

http://www.ranchsignbundle.com/.../404

http://www.ranchsignbundle.com/c?x=ldsnM8VGWqyXMM9aX0zDtpoqraSjMilNahh/n31oNpA=&c=UVG/U16I/Dhu8ZtdCSJUOsSB96kKnaZIiFwcov0MUAuavputX87rEm7Ixd423R71TUWyICyFHhjgERgsebnZwVSYR8cqZUvog3PTA92HkJ/.../404

http://www.ranchsignbundle.com/WVl6OTRQV1F5YkRJMlZFTlhaRVJHYVhSSU9YUk1Sbk5pT0VzbE1rWkxNbU5JUlVKUVNtMU1SWGs0ZERGdFRIa3lZeVV6UkNaalBVZFhkbGtsTWtKVVNtWTNkR0k0TmtweGRFMU5SVzlJUmtSamNHNVRaV3RrUWxwVkpUSkNSM2RvZUhsNGNYWTVhMHBTV2sxMVp6WnhOMFpYUjBsaWMzUlFOMHBVVUhGMWVVbFpXbmhDVXpaWlFWZFFkbEozTWt4U1dWSllaR3BCWW5KdVYyZDNNSEpVVFZOS2JEbFFlVWg1ZW05NFdHMXRKVEpHTms5M2VITlZWV3R2YzNsVEptWmhiR3hpWVdOclgzVnliRDF6YjJaMFozSmhkSFZwZEM1amIyMGxNa1kwTURRPQ==

http://www.ranchsignbundle.com/WVl6OTRQVUV4VlhSMk5HUjJVR0pNTVhOaFpYUk5SVUkwTmsxWGRuUklZVXRsU0hreFZIRlhRaVV5UW1SSlRsSm1PQ1V6UkNaalBXWnFRVTl0UTFCYVZGaFplR1ZwT0ZCV1pUVjFaM28xUWpjeVFqUTJUbmM0TnpRNVlXWTVPV3RPYlVOSVpHUlZWMHRUVkZOSE9HWTBWamR4VGxkSGExWktiRFppYkhGb2JEZHZkblkyTlhONlMwaE9aVTlQT1dOc1JtdGlaMVJ6TkhwRFJta3pRekZTZFRaWWMyeFFZbmxSZDB4TE5qUm9VbmxuUkRKemVHazJKbVpoYkd4aVlXTnJYM1Z5YkQxbWFXeGxlbTl2YlhNdVkyOXRKVEpHTkRBMA==

http://dybraso4svbl2.cloudfront.net/clr/.../songr.exe

http://www.ranchsignbundle.com/WVl6OTRQV2RuVUhOQll6WllSbUk1T1hVek9GUTNkbkpqYjA1dlRubDNTM0pXTms5MGFEaHdSSGRtVm5kNE4wVWxNMFFtWXoxc1lXVm5keVV5UmxWRllteEdjMFoyUm1abldtOUhVMjA1TW1RMVVqZENZbFpqV0VSNmJuZHFObHAyWkdKNFRYRlRhbk5NYkZwVFNGWjNjbGgwZGlVeVJqZzFVRWh5T1c5MUpUSkNjMUZaVnpObmJqTjRSRllsTWtaUFVsWXpWMjFOVFd3eVUxUkVNVU42Ym1zeVowMHlaa2hET0VVelprTjNOM1J0Y3prNWNHdGxaR1ZMYldwb0ptWmhiR3hpWVdOclgzVnliRDFtYVd4bGVtOXZiWE11WTI5dEpUSkdOREEw

http://www.ranchsignbundle.com/WVl6OTRQV3hTWjJjeVpIVnZKVEpDTmtScGNEaEtNWEZyYjB4UU9YSlNiMGswZFRrd2MwNVNaa2sxU0hCYVdEWlFjeVV6UkNaalBXRTVSRVU0Vms5NUpUSkdSbFV4Um1GSFVFb3haRmwxSlRKQ2NWSkRXR2s1WWpkdGNYTkllV0pTUkhabVNXcEJja1F6SlRKQ1dtMVFkQ1V5UW5kMFRIbHhkMlZMTkUxUmVUTWxNa1pHV2tnemMwWlBUa1ZZTkVkUU5VZzVKVEpDUlRVeVVDVXlRbWc0TjJSdlZVbHNUbXB2WTFONVRVUnRTVEpCU0ZGQ04wUTRPR2RLWjJ0UWRGbFpKVEpHT1ZJeWFDWm1ZV3hzWW1GamExOTFjbXc5Wkc5M2JteHZZV1JuY21GMGRXbDBhUzVqYjIwbE1rWTBNRFE9

http://69.4.238.159/clr/.../songr.exe

http://146.185.26.220/clr/.../songr.exe

Remove songr.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.