» aa_v3.5.exe
Overview
Analysis
File Details
Behaviors (1)
Network (1)

aa_v3.5.exe

Ammyy Admin

Ammyy

The application aa_v3.5.exe by Ammyy has been detected as adware by 11 anti-malware scanners. It runs as a separate (within the context of its own process) windows Service named “Ammyy Admin”. While running, it connects to the Internet address unspecified.mtw.ru on port 443.

File name:

aa_v3.5.exe

Publisher:

Ammyy LLC (signed by Ammyy)

Product:

Ammyy Admin

Version:

3.5

MD5:

46f7f6a665c0e74bed19c6fcc2bf4905

SHA-1:

18649ce50a53ee2cf8240d4fd81f486d4fb7064d

SHA-256:

13a515174eb32822779570e01f73ac73633cc15ad6de80638b5b5757c8962c38

Scanner detections:

11 / 68

Status:

Adware

Analysis date:

4/24/2024 11:57:59 PM UTC (a few moments ago)

Scan engine

Detection

Engine version

Agnitum Outpost

Riskware.RemoteAdmin

7.1.1

AhnLab V3 Security

Unwanted/Win32.RemoteAdmin

2014.11.24

AVG

Potentially harmful program RemoteAdmin.CYY

2014.0.4189

Dr.Web

riskware program Program.RemoteAdmin.701

9.0.1.05190

ESET NOD32

Win32/RemoteAdmin.Ammyy.B potentially unsafe application

7.0.302.0

F-Prot

W32/RemoteAdmin.Ammyy

4.6.5.141

K7 AntiVirus

Trojan

13.185.14098

Kaspersky

not-a-virus:RemoteAdmin.Win32.Ammyy

15.0.0.543

NANO AntiVirus

Riskware.Win32.RemoteAdmin.dbybgd

0.28.6.63474

Reason Heuristics

PUP.Service.Ammyy.G

14.11.23.15

Rising Antivirus

PE:Malware.Ammyy!6.1139

23.00.65.141121

File size:

746.3 KB (764,184 bytes)

Product version:

3.5

File type:

Executable application (Win32 EXE)

Digital Signature

Signed by:

Ammyy

Authority:

VeriSign, Inc.

Valid from:

1/14/2014 3:00:00 AM

Valid to:

1/15/2015 2:59:59 AM

Subject:

CN=Ammyy, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Ammyy, L=Москва, S=Москва, C=RU

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

52C9E020C4D675A668E1DDEB0EF1167B

File PE Metadata

Compilation timestamp:

7/3/2014 1:56:03 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

12288:PUYpJqMH2OwlaUPcWWw5XZV8f64RteVpN5ETMasTjcP6gX:zpJJWOwlaUPcWWwRZb4Rt+N5WMasHoX

Entry address:

0x7C3AE

Entry point:

55, 8B, EC, 6A, FF, 68, A0, DE, 48, 00, 68, 50, C5, 47, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, A4, 33, 48, 00, 59, 83, 0D, 98, 57, 4B, 00, FF, 83, 0D, 9C, 57, 4B, 00, FF, FF, 15, A8, 33, 48, 00, 8B, 0D, 80, 57, 4B, 00, 89, 08, FF, 15, AC, 33, 48, 00, 8B, 0D, 7C, 57, 4B, 00, 89, 08, A1, B0, 33, 48, 00, 8B, 00, A3, 94, 57, 4B, 00, E8, 60, 01, 00, 00, 39, 1D, 70, DE, 4A, 00, 75, 0C, 68, 7A, C5, 47, 00, FF, 15, B4, 33... 
[+]

Developed / compiled with:

Microsoft Visual C++ v6.0

Code size:

520 KB (532,480 bytes)

Service

Display name:

Ammyy Admin

Service name:

AmmyyAdmin

Type:

Win32OwnProcess

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP SSL):

Connects to unspecified.mtw.ru (93.95.99.233:443)

Remove aa_v3.5.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.