vimeworld.exe

BrainStorm Launcher

VimeWorld

The executable vimeworld.exe has been detected as malware by 8 anti-virus scanners. While running, it connects to the Internet address ep12.rbx-ovh.vime.one on port 25565.
Publisher: VimeWorld
Product: BrainStorm Launcher
Description: VimeWorld
Version: 1.0.0.3
MD5: a4adaecbc34643fdf8b1cc2ea0f8f559
SHA-1: 316a9bb243d70a389214b7e27a358b72a56899d4
Scanner detections: 8 / 68
Status: Malware
Analysis date: 11/5/2024 6:55:22 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Symmi.68207 | 47 |
| Arcabit | Trojan.Symmi.D10A6F | 1.0.0.791 |
| Bitdefender | Gen:Variant.Symmi.68207 | 1.0.20.1765 |
| Emsisoft Anti-Malware | Gen:Variant.Symmi.68207 | 8.16.12.18.12 |
| F-Secure | Gen:Variant.Symmi.68207 | 11.2016-18-12_1 |
| G Data | Gen:Variant.Symmi.68207 | 16.12.25 |
| MicroWorld eScan | Gen:Variant.Symmi.68207 | 17.0.0.1059 |
| Qihoo 360 Security | HEUR/QVM19.1.0000.Malware.Gen | 1.0.0.1120 |

File size: 1.6 MB (1,717,656 bytes)
Product version: 1.0.0.3
Copyright: Copyright (C) 2016
Original file name: BrainStorm.exe
File type: Executable application (Win32 EXE)
Common path: C:\Documents and Settings\{user}\Application data\.vimeworld\vimeworld.exe

File PE Metadata
Compilation timestamp: 12/14/2016 8:27:04 PM
OS version: 5.1
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 14.0
Entry address: 0x2E5935

Code size: 307.5 KB (314,880 bytes)

The executing file has been seen to make the following network communications in live environments.

