Spotnet.exe

Spotnet

The application Spotnet.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address textnews.kpn.nl on port 119.
Publisher:
Spotnet

Product:
Spotnet

Version:
2.0.0.244

MD5:
f30133e90842c294f8fbad6a7f6d65fd

SHA-1:
c76eb137fb940d1cac4a884ffacf48a763059f58

SHA-256:
9c73fbc9f4f3ac311438b1d5f21105539cc6ee29f79ffcb95e900f67ceaa4dfa

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 6:48:05 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Confuser (M)
17.1.7.12

File size:
2.7 MB (2,812,928 bytes)

Product version:
2.0.0.244

Copyright:
Copyright (C) 2014-2016

Original file name:
Spotnet.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\spotnet\app-2.0.0.244\spotnet.exe

File PE Metadata
Compilation timestamp:
1/7/2017 12:48:04 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

Entry address:
0x2B600A

Entry point:
FF, 25, 00, 60, 6B, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Code size:
1.3 MB (1,323,520 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP:
Connects to reader.xsnews.nl  (94.232.116.131:119)

TCP:
Connects to 163-172-22-65.rev.poneytelecom.eu  (163.172.22.65:563)

TCP:
Connects to textnews.kpn.nl  (194.109.6.164:119)

TCP:
Connects to news.kpn.nl  (194.109.6.163:119)

TCP:
Connects to news.iss.as9143.net  (212.54.52.4:119)

Remove Spotnet.exe - Powered by Reason Core Security