ummyvd-web-loader-.exe

Magicbit, Inc

The application ummyvd-web-loader-.exe by Magicbit, Inc has been detected as a potentially unwanted program by 2 anti-malware scanners. The file has been seen being downloaded from dw.uptodown.com and multiple other hosts. While running, it connects to the Internet address europe-20.banahosting.com on port 80 using the HTTP protocol.
Publisher:
Magicbit, Inc  (signed and verified)

MD5:
4d505f303c3382ca3c8c673bc610a948

SHA-1:
1edbc4eb34b17889e4a2e12125fc597f5d19b472

SHA-256:
33cfc0f7679f109c60ebfb03bed7e3c6cf9df4300a7dd2dec878db6b0c2794dc

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
11/24/2024 4:55:11 PM UTC

Scan engine          Detection                          Engine version
AVG                  Generic                            2016.0.2972
Reason Heuristics    PUP.Magicbit.Downloader.Meta (M)   16.3.31.18

File size:
797.9 KB (817,024 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\ummyvd-web-loader-.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
4/21/2014 3:00:00 AM

Valid to:
4/21/2017 2:59:59 AM
(Note: the certificate had expired more than seven years before the 11/24/2024 analysis date. An Authenticode signature made under a since-expired certificate keeps verifying only if it carries a trusted timestamp countersignature placing the signing inside the validity window; without one, Windows reports it as invalid.)

Subject:
CN="Magicbit, Inc", O="Magicbit, Inc", STREET="901 N. Pitt Street, Suite 325", L=Alexandria, S=VA, PostalCode=22314, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00B5B2652535A2ACE1ACBFF9D5D7816AD4

File PE Metadata
Compilation timestamp:
9/28/2015 10:46:17 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:l9lvABFOW+uK5tnVFPrydMgzq1K/6ssQApwGQ:ZmOWutnVFDyygzq1K/6ssXwGQ

Entry address:
0xAEC64

Entry point:
55, 8B, EC, 83, C4, C8, 53, 56, 57, 33, C0, 89, 45, C8, 89, 45, CC, 89, 45, D8, 89, 45, DC, 89, 45, E0, 89, 45, E8, 89, 45, EC, B8, F8, 9D, 4A, 00, E8, 8E, BC, F5, FF, BF, 2C, 84, 4B, 00, 33, C0, 55, 68, C3, EF, 4A, 00, 64, FF, 30, 64, 89, 20, E8, 3E, 8E, FF, FF, 33, D2, 55, 68, 87, EF, 4A, 00, 64, FF, 32, 64, 89, 22, 6A, 00, 68, D4, 88, 4A, 00, 6A, 00, 68, D4, EF, 4A, 00, A1, 54, 5C, 4B, 00, 50, E8, 5B, CA, F5, FF, 89, 07, 83, 3F, 00, 0F, 84, 97, 02, 00, 00, B2, 01, B8, F4, EF, 4A, 00, E8, 64, 99, FF, FF...

Entropy:
6.4535  (moderate for a Win32 executable; a packed or encrypted image typically scores close to 8.0, so this value does not suggest whole-file packing)

Developed / compiled with:
Microsoft Visual C++ (as reported by the scanner heuristic; treat with caution, since the linker version 2.25 and the entry-point prologue 55 8B EC 83 C4 C8 53 56 57 33 C0 ... 64 FF 30 64 89 20 are characteristic of the Borland/Delphi toolchain, whereas Microsoft linkers report versions 6.x and above)

Code size:
693.5 KB (710,144 bytes)
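
The fields above (hashes, entropy, compile timestamp, linker and OS version, subsystem, entry-point bytes) can all be recomputed offline from the file itself. The script below is an added example, not code from this page or from the vendor's tooling. Because the sample is not available here, it assembles a constructed minimal PE that carries the page's compile timestamp, linker version and entry-point bytes, parses it back with a hand-written header reader, and compares its SHA-256 against the hash the page lists (which, for the constructed file, does not match). The builder's image layout, section name and fill bytes are assumptions; point `triage()` at real bytes (`open(path, "rb").read()`) to reproduce the page's values. The only field it omits is the ssdeep CTPH hash, which needs a third-party library.

```python
"""Offline static triage of the fields this page reports for a PE file:
hashes, Shannon entropy, compile timestamp, linker and OS version, subsystem,
and the first bytes at the entry point.  Added example: the PE assembled by
build_sample_pe() is CONSTRUCTED for demonstration and is not the real sample."""
import hashlib
import math
import struct
from collections import Counter
from datetime import datetime, timezone

# Indicators copied from the page, used for comparison only.
PAGE_SHA256 = "33cfc0f7679f109c60ebfb03bed7e3c6cf9df4300a7dd2dec878db6b0c2794dc"
PAGE_ENTRY_BYTES = bytes.fromhex("558BEC83C4C853565733C08945C88945CC8945D8")


def build_sample_pe(timestamp, linker=(2, 25), os_version=(5, 0),
                    subsystem=2, entry_rva=0x1000):
    """Assemble a minimal 32-bit PE with one .text section (constructed layout)."""
    pe_off, file_align, sect_align = 0x40, 0x200, 0x1000
    dos = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", pe_off)   # e_lfanew
    coff = struct.pack("<IHHIIIHH", 0x00004550, 0x014C, 1, timestamp,
                       0, 0, 224, 0x0102)                           # "PE\0\0", i386
    std = struct.pack("<HBBIIIIII", 0x10B, linker[0], linker[1],
                      file_align, 0, 0, entry_rva, entry_rva, 0)    # PE32 magic
    win = struct.pack("<IIIHHHHHHIIIIHHIIIIII",
                      0x400000, sect_align, file_align,
                      os_version[0], os_version[1], 0, 0, os_version[0], os_version[1],
                      0, 2 * sect_align, file_align, 0, subsystem, 0,
                      0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    opt = std + win + b"\x00" * 128                                  # 16 empty data dirs
    sect = struct.pack("<8sIIIIIIHHI", b".text", file_align, entry_rva,
                       file_align, file_align, 0, 0, 0, 0, 0x60000020)
    headers = (dos + coff + opt + sect).ljust(file_align, b"\x00")
    text = PAGE_ENTRY_BYTES.ljust(file_align, b"\xCC")              # code, then int3 fill
    return headers + text


def shannon_entropy(data):
    """Bits per byte: 0.0 for a constant buffer, 8.0 for a uniform one."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0


def _rva_to_offset(data, pe_off, rva):
    """Map an RVA to a file offset by walking the section table."""
    nsec, = struct.unpack_from("<H", data, pe_off + 6)
    opt_size, = struct.unpack_from("<H", data, pe_off + 20)
    table = pe_off + 24 + opt_size
    for i in range(nsec):
        vsize, vaddr, rsize, roff = struct.unpack_from("<IIII", data, table + i * 40 + 8)
        if vaddr <= rva < vaddr + max(vsize, rsize):
            return rva - vaddr + roff
    raise ValueError("entry RVA is not inside any section")


def triage(data, entry_len=20):
    """Return the same kind of record the page prints for a file."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    pe_off, = struct.unpack_from("<I", data, 0x3C)
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    ts, = struct.unpack_from("<I", data, pe_off + 8)           # COFF TimeDateStamp
    opt = pe_off + 24
    magic, lmaj, lmin = struct.unpack_from("<HBB", data, opt)
    entry_rva, = struct.unpack_from("<I", data, opt + 16)
    os_maj, os_min = struct.unpack_from("<HH", data, opt + 40)
    subsystem, = struct.unpack_from("<H", data, opt + 68)
    ep = _rva_to_offset(data, pe_off, entry_rva)
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "size": len(data),
        "entropy": round(shannon_entropy(data), 4),
        "compiled": datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC"),
        "bitness": "Win32" if magic == 0x10B else "Win64",
        "linker": f"{lmaj}.{lmin}",
        "os_version": f"{os_maj}.{os_min}",
        "subsystem": {2: "Windows GUI", 3: "Windows CUI"}.get(subsystem, str(subsystem)),
        "entry_rva": entry_rva,
        "entry_bytes": data[ep:ep + entry_len],
    }


def matches_page_sample(data):
    """True only when the bytes hash to the SHA-256 the page lists."""
    return hashlib.sha256(data).hexdigest() == PAGE_SHA256


# Constructed image carrying the page's compile timestamp (9/28/2015 10:46:17 PM UTC).
SAMPLE = build_sample_pe(int(datetime(2015, 9, 28, 22, 46, 17, tzinfo=timezone.utc).timestamp()))

if __name__ == "__main__":
    for key, val in triage(SAMPLE).items():
        print(f"{key:>12}: {val.hex() if isinstance(val, bytes) else val}")
    print("matches page SHA-256:", matches_page_sample(SAMPLE))
```

The compile timestamp is read straight from the COFF header, so it is only as trustworthy as the build tool that wrote it; on a real sample, compare it against the certificate validity window and the first-seen date before relying on it.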

The file ummyvd-web-loader-.exe has been seen being distributed by the following URLs (the latest 30 of 1,258 observed download URLs are listed).

https://dw.uptodown.com/dwn/ndbnW-W5Zrxb0eD8mxqkzHrpv-JAPjben6y3ASOv97_hMDEWXVoC01QTnJrJ3XpB1XJaTQ89GDSLGFaUHcQM4pJmz7ema1wb3Zlp_TX0cqW8F1zrD73gckvYKHFCY2vu/vHqU4EK4j5uu_J3cTq6c0HRnjbKcLS8Ej2vTenwXtS3242HamuZyR4RRS0zFRvde-Me0OGl_IYSTE_-esYPB1XjaPu3f0ifsiwu2NtoZ_qeC5QAlIv8qJNUW59YFqTF5/2k_xlrV1vX6e9qp-aww5Ji3SuqT7Y_MbQ9HHcrgLA7IyPX_wN2KuuHaE1F99pbMx-D2f0cPco69IO3qIrRpdvJoEHi43wpMiTTVkpLhKN8uMVb6ZA1RtRZdOaZfAq0c0/.../

http://videodownloader.ummy.net/.../UmmyVD-Web-Loader-[113-yt-HRG_HbngByc].exe

http://videodownloader.ummy.net/.../UmmyVD-Web-Loader-[129-yt-e8iVKww_Jac].exe

http://videodownloader.ummy.net/.../UmmyVD-Web-Loader-[129-yt-uDe1QJp4JS0].exe

http://videodownloader.ummy.net/.../UmmyVD-Web-Loader-[113-yt-g-FIuQFDAxI].exe

http://videodownloader.ummy.net/.../UmmyVD-Web-Loader-[113-yt-Scvjmb47R9g].exe

http://videodownloader.ummy.net/.../UmmyVD-Web-Loader-[129-yt-luQegXvJIug].exe

http://videodownloader.ummy.net/.../UmmyVD-Web-Loader-[129-yt-V2VmcuOEqEg].exe

http://videodownloader.ummy.net/.../UmmyVD-Web-Loader-[113-yt-K-9ttm53pag].exe

http://videodownloader.ummy.net/.../UmmyVD-Web-Loader-[130-yt-gVTEG1pKTBs].exe

http://videodownloader.ummy.net/.../UmmyVD-Web-Loader-[130-yt-w1kmILofW7M].exe

http://videodownloader.ummy.net/.../UmmyVD-Web-Loader-[111-yt-DF3XjEhJ40Y].exe

http://videodownloader.ummy.net/.../UmmyVD-Web-Loader-[129-yt-6sk-e6Q7j0o].exe

http://videodownloader.ummy.net/.../UmmyVD-Web-Loader-[129-yt-D8ra1YoR2DA].exe

http://videodownloader.ummy.net/.../UmmyVD-Web-Loader-[113-yt-XqEiTdkbEaM].exe

http://videodownloader.ummy.net/.../UmmyVD-Web-Loader-[129-yt-LpeCgvCRths].exe

http://videodownloader.ummy.net/.../UmmyVD-Web-Loader-[129-yt-L0Npz8doDCA].exe

http://videodownloader.ummy.net/.../UmmyVD-Web-Loader-[129-yt-AgjIXciyj-U].exe

http://videodownloader.ummy.net/.../UmmyVD-Web-Loader-[129-yt-OGGBK4d-So8].exe

http://videodownloader.ummy.net/.../UmmyVD-Web-Loader-[113-yt-fdrfVrSM864].exe

http://videodownloader.ummy.net/.../UmmyVD-Web-Loader-[129-yt-ReKlj3WbJ9U].exe

http://videodownloader.ummy.net/.../UmmyVD-Web-Loader-[129-yt-2D2tVq-thao].exe

http://videodownloader.ummy.net/.../UmmyVD-Web-Loader-[129-yt-9VEm5DwOqZ0].exe

http://videodownloader.ummy.net/.../UmmyVD-Web-Loader-[129-yt-94cfRWGl9mo].exe

http://videodownloader.ummy.net/.../UmmyVD-Web-Loader-[129-yt-s46ia45NvAI].exe

http://videodownloader.ummy.net/.../UmmyVD-Web-Loader-[113-yt-w-rV8vg_s48].exe

http://videodownloader.ummy.net/.../UmmyVD-Web-Loader-[129-yt-qjJSU1CpUvM].exe

http://videodownloader.ummy.net/.../UmmyVD-Web-Loader-[111-yt-SZdoRj61C98].exe

http://videodownloader.ummy.net/.../UmmyVD-Web-Loader-[129-yt-GyIgWjzcymw].exe

http://videodownloader.ummy.net/.../UmmyVD-Web-Loader-[129-yt-EVIk0zsIcWk].exe

Latest 30 of 1,258 download URLs

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to europe-20.banahosting.com  (46.23.65.197:80)

TCP (HTTP SSL):
Connects to 169-1-2-80.ip.afrihost.co.za  (169.1.2.80:443)

TCP (HTTP SSL):
Connects to cache.google.com  (79.101.110.49:443)

TCP (HTTP SSL):
Connects to mrs04s09-in-f14.1e100.net  (216.58.210.206:443)

TCP (HTTP SSL):
Connects to 41.254.37.15.static.ltt.ly  (41.254.37.15:443)
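
Of the connections above, the cleartext HTTP session to europe-20.banahosting.com on port 80 is the one worth alerting on; the HTTPS connections to Google-operated hosts (cache.google.com, 1e100.net) show up in most sandbox runs and carry little signal on their own. The script below is an added example, not part of this page, that turns the page's connection list into a small matcher and runs it over constructed proxy log lines. The log format, the client addresses and the per-indicator signal tiers are assumptions made here for illustration; the host names, IPs and ports are the page's.

```python
"""Match the network indicators this page lists against proxy log lines.
Added example: the log lines are CONSTRUCTED, and the per-indicator tier is
an analyst assumption (Google-operated hosts are background noise), not
something the page states."""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Host -> (IP, port, assumed signal tier), copied from the page's connection list.
IOCS = {
    "europe-20.banahosting.com":    ("46.23.65.197",   80,  "high"),
    "169-1-2-80.ip.afrihost.co.za": ("169.1.2.80",     443, "medium"),
    "41.254.37.15.static.ltt.ly":   ("41.254.37.15",   443, "medium"),
    "cache.google.com":             ("79.101.110.49",  443, "low"),
    "mrs04s09-in-f14.1e100.net":    ("216.58.210.206", 443, "low"),
}
IOC_BY_IP = {ip: host for host, (ip, _, _) in IOCS.items()}
TIER_ORDER = {"high": 0, "medium": 1, "low": 2}

# Constructed line format: <iso-time> <client> <dst-ip>:<port> <host/SNI or '-'> <request>
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\s+"
    r"(?P<host>\S+)\s+(?P<request>.*)$"
)

# Constructed sample log: one clean hit, one IP-only hit on an unexpected port,
# two Google background connections, one unrelated host, one malformed line.
SAMPLE_LOG = """\
2024-11-24T16:55:11Z 10.0.0.7 46.23.65.197:80 europe-20.banahosting.com GET /
2024-11-24T16:55:12Z 10.0.0.7 216.58.210.206:443 - CONNECT
2024-11-24T16:55:13Z 10.0.0.7 79.101.110.49:443 cache.google.com CONNECT
2024-11-24T16:55:14Z 10.0.0.9 93.184.216.34:443 example.org CONNECT
2024-11-24T16:55:15Z 10.0.0.7 46.23.65.197:443 - CONNECT
malformed line that should be skipped
"""


@dataclass(frozen=True)
class Hit:
    ts: str
    client: str
    indicator: str   # host name from the IOC list
    matched_on: str  # "host" or "ip"
    tier: str
    port_ok: bool    # observed port equals the port recorded on the page


def match_line(line: str) -> Optional[Hit]:
    """Match by host/SNI first; fall back to destination IP when no name was logged."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    host, dst, port = m["host"], m["dst"], int(m["port"])
    if host in IOCS:
        indicator, how = host, "host"
    elif dst in IOC_BY_IP:
        indicator, how = IOC_BY_IP[dst], "ip"
    else:
        return None
    _ip, expected_port, tier = IOCS[indicator]
    return Hit(m["ts"], m["client"], indicator, how, tier, port == expected_port)


def scan(lines: Iterable[str]) -> List[Hit]:
    """All hits, highest signal tier first, then chronological."""
    hits = [h for h in (match_line(line) for line in lines) if h]
    return sorted(hits, key=lambda h: (TIER_ORDER[h.tier], h.ts))


def clients_to_escalate(hits: Iterable[Hit]) -> set:
    """Clients that reached a high-tier indicator on the port the page recorded."""
    return {h.client for h in hits if h.tier == "high" and h.port_ok}


if __name__ == "__main__":
    found = scan(SAMPLE_LOG.splitlines())
    for h in found:
        print(f"[{h.tier:6}] {h.ts} {h.client} -> {h.indicator} (by {h.matched_on}, port_ok={h.port_ok})")
    print("escalate:", sorted(clients_to_escalate(found)))
```

Matching on the IP as well as the name matters for the HTTPS entries, where a proxy without TLS inspection may log only the destination address; keeping the port in the record lets the analyst see that a hit on 46.23.65.197:443 is not the behaviour the page observed and may be a different service on the same host.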
