amigo_adsetup_lp5iesm.exe

Amigo@Mail.Ru

LLC Mail.Ru

The application amigo_adsetup_lp5iesm.exe by LLC Mail.Ru has been detected as a potentially unwanted program by 5 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from amigo.mail.ru and multiple other hosts. While running, it connects to the Internet address mrds.mail.ru on port 80 using the HTTP protocol.
Publisher:
Mail.Ru  (signed by LLC Mail.Ru)

Product:
Amigo@Mail.Ru

Version:
1, 0, 0, 13

MD5:
909b8e72f49eb09050f6c055ff84c2ce

SHA-1:
f94efc0acff9ade50a483f56cb53eb86a62d8cc9

SHA-256:
45393eed27e0129737773d99ebb5266134883c542d04b26b0820430df234c9ec

Scanner detections:
5 / 68

Status:
Potentially unwanted

Analysis date:
4/19/2024 5:23:19 AM UTC

Scan engine          Detection                               Engine version
Baidu Antivirus      Adware.Win32.iBryte.RuMail              4.0.3.15527
Bkav FE              W32.HfsAdware                           1.3.0.6379
Panda Antivirus      PUP/DownWare                            15.05.27.07
Reason Heuristics    Win32.Generic.Installer.Meta            15.5.27.15
Vba32 AntiVirus      suspected of Trojan.Downloader.gen.h    3.12.26.4

File size:
273 KB (279,592 bytes)

Product version:
1, 0, 0, 13

Copyright:
Copyright 2015

Original file name:
Amigo@Mail.Ru

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\amigo_adsetup_lp5iesm.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
8/20/2014 3:00:00 AM

Valid to:
8/21/2015 2:59:59 AM

Subject:
CN=LLC Mail.Ru, O=LLC Mail.Ru, L=Moscow, S=Moscow, C=RU

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
169A089D186F350CBB6B5EC62D8A59AB

File PE Metadata
Compilation timestamp:
5/26/2015 6:39:16 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
3072:zj7Dp+76b/sdGHXp5/d+JrYNmR05mqNaxQMTkUg3AcZ9Hh5jS5Y2y+/GPNHR:XPZXf/d5mWI6axpAUg3HfjS62xKH

Entry address:
0x86B4

Entry point:
E8, AA, 86, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 38, 0A, 42, 00, E8, 16, 25, 00, 00, E8, 75, 30, 00, 00, 0F, B7, F0, 6A, 02, E8, 3D, 86, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 08, 24, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
 

Code size:
100 KB (102,400 bytes)

The file amigo_adsetup_lp5iesm.exe has been seen being distributed by the following 50 URLs.

https://amigo.mail.ru/amigo_setup_oklsearchbannerok30chsm.exe

https://amigo.mail.ru/amigo_dsetup_nwnmainbloc18chsm.exe

https://amigo.mail.ru/amigo_adsetup_lp5weatherstripe21march.exe

http://xcdn.softobase.com/rozu2.html?parameter=Amigo_Russian_Setup.exe&sect=1440996309&secl=WOmgcUC9XwBQnd64y03R5w&clr=1

https://amigo.mail.ru/amigo_adsetup_lp5portalmainstripe11march.exe

https://amigo.mail.ru/amigo_adsetup_lp5adwordsmgcpcsearchchsg.exe

https://amigo.mail.ru/amigo_asetup_lp5searchbanneroldbr9iesyh.exe

https://amigo.mail.ru/amigo_adsetup_oklokbannerobsok29ch.exe

https://amigo.mail.ru/amigo_adsetup_nwnmainbloc18chsm.exe

https://amigo.mail.ru/amigo_adsetup_nwnotvetystripe31marie.exe

https://amigo.mail.ru/amigo_adsetup_nwnportalmainstripe41marie.exe

Latest 30 of 65 download URLs

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to mrds.mail.ru  (217.69.139.245:80)

TCP (HTTP):
Connects to amigodl.mail.ru  (217.69.139.106:80)

Remove amigo_adsetup_lp5iesm.exe - Powered by Reason Core Security