songr.exe

The application songr.exe has been detected as a potentially unwanted program by 3 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from www.vaultflashapplication.com and multiple other hosts.
MD5:
b7f3378930a0bc9ba4844a9795b49f33

SHA-1:
dbd035f92b562f534a326203f5a83c7dd43d7f19

SHA-256:
490abeec4fdd9d315026078e6e2e98ae5990cfb32dc103cbd8e1e6cd97f2ebe6

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
11/27/2024 5:18:07 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| ESET NOD32 | Win32/WebDevAZ.C potentially unwanted application | 7.0.302.0 |
| Reason Heuristics | PUP.WebDev.ET (M) | 16.12.9.10 |
| Trend Micro House Call | TROJ_GEN.F47V0903 | 7.2.7 |

File size:
5.8 MB (6,089,626 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\songr.exe

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
98304:77GMgh0uiwv45VDanrNnkDUiRzWWfcMT5vxNSWw4oZxTLrZ:7yh0IGV2n5FiRzFrT5vxcWw9bTnZ

Entry point:
50, 4B, 03, 04, 14, 00, 00, 00, 08, 00, E3, 9B, 01, 43, 25, F4, 16, 3C, E4, EA, 5C, 00, 4B, 37, 5D, 00, 18, 00, 00, 00, 53, 6F, 6E, 67, 72, 5F, 32, 5F, 30, 5F, 32, 31, 31, 31, 5F, 53, 65, 74, 75, 70, 2E, 65, 78, 65, EC, 5C, 7F, 7C, 53, 57, 15, 7F, F9, D5, A6, 6D, 42, 52, 68, B7, 32, 5A, 28, B4, 20, 5A, 40, 58, 28, A3, 4B, 0B, 29, 6B, 00, DD, CA, D2, 85, 26, B0, B5, 30, 1D, 60, 78, CE, AD, C0, 7B, 8C, 29, 85, D6, B4, DA, F4, D1, 89, CA, 74, EA, D4, D5, A2, A2, CE, 0F, A8, 73, 76, CA, 4A, 0B, 5B, 5B, 26, DB...

The file songr.exe has been seen being distributed by the following 14 URLs.

