torrentex.exe

LLC

The application torrentex.exe by LLC has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Torrentex’. While running, it connects to the Internet address 149.207.61.94.rev.vodafone.pt on port 53447.
Publisher:
LLC   (signed and verified)

MD5:
7ee11ddb9613673ab68dc168de659a80

SHA-1:
fd612d6de2140f46de3241573b8c0ebf72462f65

SHA-256:
113cc42711fe33c3b6b87b0da0b63c751c1f1e52f9b059acf77d9b0277651644

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
12/27/2024 9:45:03 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Amonitize (M)
15.8.2.2

File size:
409.8 KB (419,656 bytes)

File type:
Executable application (Win32 EXE)

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
6/5/2015 3:00:00 AM

Valid to:
6/5/2016 2:59:59 AM

Subject:
CN="LLC ""TARKOS SOFT""", O="LLC ""TARKOS SOFT""", STREET="prosp Peremogy, 68/1", L=kyiv, PostalCode=01054, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
7A90449016B8E2CFEDE0BDF86A2648FA

File PE Metadata
Compilation timestamp:
11/10/2008 12:40:35 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
768:zyq82Ud7/zfkn8I+ilJhe9TWCKJeHXV+kfXrl3vc5RXPpXYyIYcWGSAi4tF+KriV:Gq824LfME08Htfq5R/pBInrvL+KriV

Entry address:
0x2C61

Entry point:
E8, 72, 03, 00, 00, E9, 36, FD, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 8B, 00, 81, 38, 63, 73, 6D, E0, 75, 2A, 83, 78, 10, 03, 75, 24, 8B, 40, 14, 3D, 20, 05, 93, 19, 74, 15, 3D, 21, 05, 93, 19, 74, 0E, 3D, 22, 05, 93, 19, 74, 07, 3D, 00, 40, 99, 01, 75, 05, E8, C7, 03, 00, 00, 33, C0, 5D, C2, 04, 00, 68, 6B, 2C, 40, 00, FF, 15, 20, 40, 40, 00, 33, C0, C3, CC, FF, 25, 10, 41, 40, 00, 6A, 14, 68, 30, 42, 40, 00, E8, 5E, 02, 00, 00, FF, 35, A0, 66, 40, 00, 8B, 35, B0, 40, 40, 00, FF, D6, 59, 89, 45, E4, 83...
 
[+]

Entropy:
3.6570

Code size:
8.5 KB (8,704 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Torrentex

Command:
"C:\torrentex\torrentex.exe" \hide


The executing file has been seen to make the following network communications in live environments.

TCP:
Connects to 142.252.204.91.ppp.infoset.ru  (91.204.252.142:53729)

TCP:
Connects to 157.234.106.193.ppp.infoset.ru  (193.106.234.157:61802)

TCP:
Connects to net192-45.perm.ertelecom.ru  (46.146.192.45:65148)

TCP:
Connects to static-46-238-243-156.awacom.net  (46.238.243.156:50084)

TCP:
Connects to sr-b095bcf0.umf.maine.edu  (141.114.138.247:26962)

TCP:
Connects to p5DCB65EE.dip0.t-ipconnect.de  (93.203.101.238:50771)

TCP:
Connects to ip.178-70-50-230.avangarddsl.ru  (178.70.50.230:14312)

TCP:
Connects to host-47.194.251.177.copaco.com.py  (177.251.194.47:45682)

TCP:
Connects to host-186-4-218-178.netlife.ec  (186.4.218.178:45682)

TCP:
Connects to hfc-181-140-72-188.une.net.co  (181.140.72.188:52160)

TCP:
Connects to cliente233.235.239.170.ftth.d1telecom.com.br  (170.239.235.233:56798)

TCP:
Connects to client-201.240.147.177.speedy.net.pe  (201.240.147.177:63945)

TCP:
Connects to bfbd0803.virtua.com.br  (191.189.8.3:11935)

TCP:
Connects to a79-168-110-62.cpe.netcabo.pt  (79.168.110.62:10275)

TCP:
Connects to 85-95-187-232.saransk.ru  (85.95.187.232:32134)

TCP:
Connects to 81-18-214-82.static.chello.pl  (81.18.214.82:33622)

TCP:
Connects to 78-56-126-188.static.zebra.lt  (78.56.126.188:33725)

TCP:
Connects to 46-13-61-134.tmcz.cz  (46.13.61.134:20220)

TCP:
Connects to 177.19.153.205.static.adsl.gvt.net.br  (177.19.153.205:16884)

TCP:
Connects to 161.subnet125-163-225.speedy.telkom.net.id  (125.163.225.161:61772)

Remove torrentex.exe - Powered by Reason Core Security