AdMunch.exe

Ad Muncher

Murray Hurps Software Pty Ltd

The executable AdMunch.exe has been detected as malware by 8 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Ad Muncher’. While running, it connects to the Internet address yandex.ru on port 80 using the HTTP protocol.
Publisher:
Murray Hurps Software Pty Ltd

Product:
Ad Muncher

Version:
4.93.33707

MD5:
ef8ace06dff5613cce3cc3905e4ea45f

SHA-1:
5be356ad2423d9a973ed331d59cb65690327475f

SHA-256:
4145a808b223a6ff40f4f7ce75fe17a9e5e5f1b052690f9e92459ce3fc1e7b41

Scanner detections:
8 / 68

Status:
Malware

Analysis date:
4/23/2024 12:13:39 PM UTC

Scan engine              Detection                  Engine version
Lavasoft Ad-Aware        Gen:Variant.Symmi.29401    1144
Bitdefender              Gen:Variant.Symmi.29401    1.0.20.1755
Bkav FE                  W32.Clod729.Trojan         1.3.0.4562
Emsisoft Anti-Malware    Gen:Variant.Symmi.29401    8.13.12.17.12
F-Secure                 Gen:Variant.Symmi.29401    11.2013-17-12_3
G Data                   Gen:Variant.Symmi.29401    13.12.22
MicroWorld eScan         Gen:Variant.Symmi.29401    14.0.0.1053
Reason Heuristics        Unnamed.Threat.18          14.3.1.7

File size:
1 MB (1,050,112 bytes)

Product version:
4.93.33707

Copyright:
Copyright © Murray Hurps Software Pty Ltd

Original file name:
AdMunch.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\ad muncher\admunch.exe

File PE Metadata
Compilation timestamp:
6/13/2021 8:31:25 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:Zib5W16T4Hd3shT3vpYrRbPSIzwIS70v1cVg:0I23vuR7SzIJd

Entry address:
0x9B1BF

Entry point:
89, 25, 00, 50, 4A, 00, 68, CF, B1, 49, 00, E8, 69, 97, 00, 00, 41, 4D, 33, 33, 37, 30, 37, 2E, 66, 72, 65, 00, 00, C4, 24, 3D, 82, 01, 00, 00, 0F, 85, A6, 2C, FD, FF, 68, A5, 36, 40, 00, E8, 1E, 31, FF, FF, C3, 8D, 7C, 24, 28, 57, 68, 24, 99, 45, 00, 90, 90, 90, 90, E9, 68, E0, FA, FF, 90, 90, 90, 68, D6, 40, AB, 00, 90, 90, 90, 90, E9, 00, E7, FE, FF, 90, 90, 90, 80, 7C, 24, 02, 00, 75, 13, 68, 55, 63, 44, 00, 56, E8, 2F, F2, FA, FF, 85, C0, 0F, 84, B4, 1F, 00, 00, 85, FF, 74, 28, 6A, 04, 8D, 4C, 24, 10...

Code size:
654.5 KB (670,208 bytes)

2 Startup Files (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Ad Muncher

Command:
C:\Program Files\ad muncher\admunch.exe

Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
AdMuncher

Command:
C:\Program Files\ad muncher\admunch.exe


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to metro.volia.net  (77.120.60.211:80)

TCP (HTTP):
Connects to ec2-52-4-106-43.compute-1.amazonaws.com  (52.4.106.43:80)

TCP (HTTP):
Connects to avatars-fast.yandex.net  (87.250.247.173:80)

TCP (HTTP):
Connects to 6bb6e9d9.setaptr.net  (107.182.233.217:80)

TCP (HTTP):
Connects to serverboost.com  (109.232.226.52:80)

TCP (HTTP):
Connects to awaps.yandex.ru  (93.158.134.131:80)

TCP (HTTP):
Connects to srv82-165-240-87.vk.com  (87.240.165.82:80)

TCP (HTTP):
Connects to yandex.ru  (5.255.255.77:80)

TCP (HTTP):
Connects to edge-star-shv-02-mia1.facebook.com  (157.240.0.17:80)

TCP (HTTP):
Connects to ec2-54-236-139-253.compute-1.amazonaws.com  (54.236.139.253:80)

TCP (HTTP):
Connects to a23-67-140-168.deploy.static.akamaitechnologies.com  (23.67.140.168:80)

TCP (HTTP):
Connects to www.my.mail.ru  (94.100.180.39:80)

TCP (HTTP):
Connects to top-fwz1.mail.ru  (217.69.136.175:80)

TCP (HTTP):
Connects to mystatic8.i.mail.ru  (185.5.137.208:80)

TCP (HTTP):
Connects to mystatic10.i.mail.ru  (185.5.137.210:80)

TCP (HTTP):
Connects to mrds.mail.ru  (217.69.139.245:80)

TCP (HTTP):
Connects to clck.yandex.ru  (87.250.250.14:80)

TCP (HTTP):
Connects to avatars.mds.yandex.net  (87.250.247.184:80)

TCP (HTTP):
Connects to 2582e75b.rdns.100tb.com  (37.130.231.91:80)

Remove AdMunch.exe - Powered by Reason Core Security