ummyvd-web-loader-[148-yt-nzp_axebsfq].exe

Magicbit, Inc

The application ummyvd-web-loader-[148-yt-nzp_axebsfq].exe by Magicbit, Inc has been detected as a potentially unwanted program by 11 anti-malware scanners. The file has been seen being downloaded from videodownloader.ummy.net and multiple other hosts. While running, it connects to the Internet address europe-20.banahosting.com on port 80 using the HTTP protocol.
Publisher:
Magicbit, Inc (signed and verified)

Version:
1.0.0.0

MD5:
e87c35c9363ec4aa35041ae365a82b79

SHA-1:
e1a1de8db7d485fd05f498ec2ceb80e56e63769c

SHA-256:
63aff17cb179587afb80ef9ef1210bad9bf4f860e2743b26f04125512646b2f6

Scanner detections:
11 / 68

Status:
Potentially unwanted

Analysis date:
11/5/2024 2:38:21 PM UTC

Scan engine              Detection                                           Engine version
AegisLab AV Signature    Troj.Downloader.W32.Magicbit!c                      2.1.4+
avast!                   Win32:Malware-gen                                   160310-2
AVG                      Generic                                             2017.0.2793
Bkav FE                  W32.HfsAdware                                       1.3.0.7744
ESET NOD32               Win32/Magicbit.D potentially unwanted application   8.0.319.0
Fortinet FortiGate       Riskware/Magicbit                                   3/26/2016
G Data                   Win32.Application.Agent.LO1QU1                      16.3.25
K7 AntiVirus             Adware                                              13.2119121
Kaspersky                not-a-virus:HEUR:Downloader.Win32.Magicbit          14.0.0.460
Panda Antivirus          Generic Suspicious                                  16.03.26.12
Rising Antivirus         PE:Malware.Generic(Thunder)!1.A1C4 [F]              23.00.65.16324

File size:
1.6 MB (1,698,184 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\ummyvd-web-loader-[148-yt-nzp_axebsfq].exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
4/21/2014 7:00:00 AM

Valid to:
4/21/2017 6:59:59 AM

Subject:
CN="Magicbit, Inc", O="Magicbit, Inc", STREET="901 N. Pitt Street, Suite 325", L=Alexandria, S=VA, PostalCode=22314, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00B5B2652535A2ACE1ACBFF9D5D7816AD4

File PE Metadata
Compilation timestamp:
3/25/2016 7:40:27 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:/xM7S4In/JUMKEXyT12XJzBqSWtbUAkUVHWnqRClqPuwGQ7:J4C+qhJz8SuQOHqCTGQ7

Entry address:
0x1603B0

Entry point:
55, 8B, EC, 83, C4, F0, B8, 78, 84, 55, 00, E8, 94, A7, EA, FF, A1, 4C, 5F, 56, 00, 8B, 00, E8, 90, B9, FA, FF, A1, 4C, 5F, 56, 00, 8B, 00, B2, 01, E8, A2, D6, FA, FF, 8B, 0D, 34, 5D, 56, 00, A1, 4C, 5F, 56, 00, 8B, 00, 8B, 15, 88, 58, 55, 00, E8, 82, B9, FA, FF, A1, 4C, 5F, 56, 00, 8B, 00, E8, DA, BA, FA, FF, E8, A9, 65, EA, FF, 90, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
6.5961

Developed / compiled with:
Microsoft Visual C++

Code size:
1.4 MB (1,437,696 bytes)

The file ummyvd-web-loader-[148-yt-nzp_axebsfq].exe has been seen being distributed by the following 50 URLs.

http://videodownloader.ummy.net/.../UmmyVD-Web-Loader-[148-yt-dEqOUfMeIvw].exe
http://videodownloader.ummy.net/.../UmmyVD-Web-Loader-[130-yt-I_88S8DWbcU].exe
http://videodownloader.ummy.net/.../UmmyVD-Web-Loader-[148-yt-2uZDYTlc4_g].exe
http://videodownloader.ummy.net/.../UmmyVD-Web-Loader-[148-yt-u2x6n3hmkGs].exe
http://videodownloader.ummy.net/.../UmmyVD-Web-Loader-[148-yt-d4_szl5EEww].exe
http://videodownloader.ummy.net/.../UmmyVD-Web-Loader-[148-yt-MDseYy4VbxE].exe
http://videodownloader.ummy.net/.../UmmyVD-Web-Loader-[148-yt-qxrxWftsiyg].exe
http://videodownloader.ummy.net/.../UmmyVD-Web-Loader-[148-yt-bjKB4rWayb8].exe
http://videodownloader.ummy.net/.../UmmyVD-Web-Loader-[148-yt-hT_nvWreIhg].exe
http://videodownloader.ummy.net/.../UmmyVD-Web-Loader-[148-yt-Jpv03mqNwFg].exe
http://videodownloader.ummy.net/.../UmmyVD-Web-Loader-[148-yt-S9BoBr6nY-Y].exe
http://videodownloader.ummy.net/.../UmmyVD-Web-Loader-[148-yt-DMhNZ78ZG3s].exe
http://videodownloader.ummy.net/.../UmmyVD-Web-Loader-[148-yt-jDywVLn6bjk].exe
http://videodownloader.ummy.net/.../UmmyVD-Web-Loader-[148-yt-8Z5EjAmZS1o].exe
http://videodownloader.ummy.net/.../UmmyVD-Web-Loader-[148-yt-OPPTyKgnHWk].exe
http://videodownloader.ummy.net/.../UmmyVD-Web-Loader-[148-yt-fmF-XB4RvvA].exe
http://videodownloader.ummy.net/.../UmmyVD-Web-Loader-[148-yt-t8c9jlRkEdM].exe
http://videodownloader.ummy.net/.../UmmyVD-Web-Loader-[148-yt-OUd16K1zGbw].exe
http://videodownloader.ummy.net/.../UmmyVD-Web-Loader-[148-yt-4pADHGRNgbI].exe
http://videodownloader.ummy.net/.../UmmyVD-Web-Loader-[130-yt-Jnzj3a1Fkh8].exe
http://videodownloader.ummy.net/.../UmmyVD-Web-Loader-[130-yt-JXeGcehJ4p4].exe
http://videodownloader.ummy.net/.../UmmyVD-Web-Loader-[148-yt-PyTUscdJDzQ].exe
http://videodownloader.ummy.net/.../UmmyVD-Web-Loader-[148-yt-txeAf-1Dmx0].exe
http://videodownloader.ummy.net/.../UmmyVD-Web-Loader-[148-yt-ZIpMbA3kVtY].exe
http://videodownloader.ummy.net/.../UmmyVD-Web-Loader-[148-yt-KVOQaU8EAbM].exe
http://videodownloader.ummy.net/.../UmmyVD-Web-Loader-[148-yt-Huh_H8QsaOE].exe
http://videodownloader.ummy.net/.../UmmyVD-Web-Loader-[148-yt-YWu9mB6X9Oc].exe
http://videodownloader.ummy.net/.../UmmyVD-Web-Loader-[148-yt-_Ii_5-On104].exe
http://videodownloader.ummy.net/.../UmmyVD-Web-Loader-[148-yt-cij-0bCWaaA].exe
http://videodownloader.ummy.net/.../UmmyVD-Web-Loader-[148-yt-WLY06dVxlNI].exe

Latest 30 of 855 download URLs

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to europe-20.banahosting.com (46.23.65.197:80)

Powered by Reason Core Security