home

a949074_4

Игровой центр@Mail.Ru, версия 2.0.210

LLC Mail.Ru

The file a949074_4 by LLC Mail.Ru has been detected as a potentially unwanted program by 2 anti-malware scanners. While running, it connects to the Internet address dl35.ext.terrhq.ru on port 80 using the HTTP protocol.
Publisher:
LLC Mail.Ru  (signed and verified)

Product:
Игровой центр@Mail.Ru, версия 2.0.210

Version:
2.0.0.210

MD5:
c6ef7aa58338dae4be880bd0872215ee

SHA-1:
fead2e12fa319226e1cf43f32a51240ae88cd080

SHA-256:
08572ac4ffb4f1df464f15213fc2f2a9085eb493873ffa087c6438eea3269043

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 8:28:28 AM UTC  (today)

Scan engine
Detection
Engine version

Bkav FE
W32.HfsAdware
1.3.0.6379

Reason Heuristics
Win32.Generic.MailRu.Meta
15.5.31.12

File size:
2.9 MB (3,080,816 bytes)

Product version:
2.0.0.210

Copyright:
Copyright (C) 2012 LLC Mail.Ru

Original file name:
GameCenter@Mail.Ru.exe

Common path:
C:\users\{user}\appdata\local\temp\a949074_4

Digital Signature
Signed by:
LLC Mail.Ru

Authority:
Thawte, Inc.

Valid from:
12/9/2011 4:00:00 AM

Valid to:
2/7/2014 3:59:59 AM

Subject:
CN=LLC Mail.Ru, O=LLC Mail.Ru, L=Moscow, S=Moscow, C=RU

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
1C09DBBC732D4B58F7A88EBACF323417

File PE Metadata
Compilation timestamp:
4/13/2012 5:35:04 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:C43UQOeyyLex0/wU53zOwET76w0xa5gfseBP2Sfio5EFSuiPr3IpRO8OJBmwN:xUQOeLex0/5Oww0xa+EaioVuiE8JXN

Entry address:
0x14DE60

Entry point:
55, 8B, EC, 83, C4, F0, B8, 94, 22, 54, 00, E8, 9C, CC, EB, FF, E8, DB, 36, FF, FF, E8, 02, 87, EB, FF, 8B, C0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
1.3 MB (1,363,456 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to dl31.ext.terrhq.ru  (178.22.89.20:80)

TCP (HTTP):
Connects to dl25.ext.terrhq.ru  (178.22.88.105:80)

TCP (HTTP):
Connects to dl26.ext.terrhq.ru  (178.22.88.106:80)

TCP (HTTP):
Connects to dl35.ext.terrhq.ru  (178.22.89.24:80)

TCP (HTTP):
Connects to mail.ru  (178.22.89.141:80)

TCP (HTTP):
Connects to dl37.ext.terrhq.ru  (178.22.89.39:80)

TCP:
Connects to ws.92.127.237.137.nsk.sibirtelecom.ru  (92.127.237.137:6881)

TCP:
Connects to turbaevskiy-gw3.krivoyrog.ucomline.net  (78.111.215.133:16570)

TCP:
Connects to shpd-92-101-142-54.vologda.ru  (92.101.142.54:6881)

TCP:
Connects to ppp-5.137.131.146.nsk.rt.ru  (5.137.131.146:6881)

TCP:
Connects to ip-46-72-25-68.bb.netbynet.ru  (46.72.25.68:1024)

TCP:
Connects to ip-46-72-206-212.bb.netbynet.ru  (46.72.206.212:6881)

TCP:
Connects to ip-176-194-243-88.bb.netbynet.ru  (176.194.243.88:6881)

TCP:
Connects to host-2-60-7-195.pppoe.omsknet.ru  (2.60.7.195:6881)

TCP:
Connects to host-233.217.157.37.ucom.am  (37.157.217.233:4506)

TCP:
Connects to host-105.217.157.37.ucom.am  (37.157.217.105:5580)

TCP:
Connects to enode.176.59.204.226.tele2.ru  (176.59.204.226:6881)

TCP:
Connects to dynamic-2-61-86-42.pppoe.khakasnet.ru  (2.61.86.42:6881)

TCP:
Connects to dynamic-2-61-212-96.pppoe.khakasnet.ru  (2.61.212.96:6881)

TCP:
Connects to dynamic-2-61-182-7.pppoe.khakasnet.ru  (2.61.182.7:6881)

Remove a949074_4 - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.