amigo_adsetup_lmuopsy.exe

Amigo@Mail.Ru

LLC Mail.Ru

The executable amigo_adsetup_lmuopsy.exe has been detected as malware by 2 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from amigo.mail.ru and multiple other hosts. While running, it connects to the Internet address amigodl.mail.ru on port 80 using the HTTP protocol.
Publisher:
Mail.Ru  (signed by LLC Mail.Ru)

Product:
Amigo@Mail.Ru

Version:
2.0.0.5

MD5:
5036bb3b499dbb5870b5c3e38071c9b2

SHA-1:
1578a2a2fa87777693401bcd902e56be8ae1e4f4

SHA-256:
db3cab96830f737bf771803d90bb16aa12c9d3f027d839ee0277f0bd0b1d1a78

Scanner detections:
2 / 68

Status:
Malware

Analysis date:
4/16/2024 7:00:44 PM UTC

Scan engine:
Reason Heuristics
Detection:
Win32.Generic.MailRu.Installer.Meta
Engine version:
15.8.4.8

Scan engine:
Vba32 AntiVirus
Detection:
suspected of Trojan.Downloader.gen.h
Engine version:
3.12.26.4

File size:
292 KB (299,048 bytes)

Product version:
2.0.0.5

Copyright:
Copyright 2015

Original file name:
Amigo@Mail.Ru

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\amigo_adsetup_lmuopsy.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
8/20/2014 3:00:00 AM

Valid to:
8/21/2015 2:59:59 AM

Subject:
CN=LLC Mail.Ru, O=LLC Mail.Ru, L=Moscow, S=Moscow, C=RU

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
169A089D186F350CBB6B5EC62D8A59AB

File PE Metadata
Compilation timestamp:
7/28/2015 2:55:05 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
3072:5Y+p8JP+cySXLMSFU4Zpx2puoxh+i7VgUknwQXJWE6JcXohmqiKWkF34io9rRjY:6+WJ1F7b2wahxWvDXn1odi9kFfo9VjY

Entry address:
0xB34F

Entry point:
E8, CA, 86, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 18, 3F, 42, 00, E8, 2B, 24, 00, 00, E8, 8A, 2F, 00, 00, 0F, B7, F0, 6A, 02, E8, 5D, 86, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, AD, 23, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...

Code size:
111.5 KB (114,176 bytes)

The file amigo_adsetup_lmuopsy.exe has been seen being distributed by the following 50 URLs.


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to mrds.mail.ru  (217.69.139.245:80)

TCP (HTTP):
Connects to amigodl.mail.ru  (94.100.180.106:80)

Remove amigo_adsetup_lmuopsy.exe - Powered by Reason Core Security