APK2Mobile.exe

TODO:

Softonic International SA

The application APK2Mobile.exe, “TODO: <File description>”, by Softonic International SA has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat.
Publisher:
TODO: <Company name>  (signed by Softonic International SA)

Product:
TODO: <Product name>

Description:
TODO: <File description>

Version:
1.0.0.1

MD5:
58ffe3ea10f0857f56fbb3a771395440

SHA-1:
b72e296f85ddb794d12f82597162c8b5fda30542

SHA-256:
b171508aefd8bf61279d5624c372e7dcf28468b80218b858f44d5373705a02a3

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/25/2017 8:57:38 AM UTC  (today)

Scan engine:
Reason Heuristics

Detection:
PUP.Softonic

Engine version:
16.2.25.18

File size:
1.2 MB (1,225,960 bytes)

Product version:
1.0.0.1

Copyright:
TODO: (c) <Company name>. All rights reserved.

Original file name:
APK2Mobile.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\tacom\apk2mobile\apk2mobile.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
2/3/2016 5:30:00 AM

Valid to:
2/3/2017 5:29:59 AM

Subject:
CN=Softonic International SA, O=Softonic International SA, STREET="CALLE ROSSELLO I PORCEL (ED MERIDIAN), 21 - PL 12", STREET=Edificio Meridian, L=Barcelona, S=Barcelona, PostalCode=08016, C=ES

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00B0B155FE8EE9DFD42DDCE9ECC107AEC0

File PE Metadata
Compilation timestamp:
2/18/2016 3:01:48 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:PVEmWjL4XKKkPry/CWscKmyu1lpATU1Q331EGmZemFhUuNLC8AfWtRuFGMQMWr/Q:amWjVlFEGmYmcuNLmunKVk/MqvAP1F

Entry address:
0x4BFE6

Entry point:
E8, 06, BC, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, 8B, FF, 55, 8B, EC, 8B, 45, 08, 33, C9, 3B, 04, CD, C8, 2A, 4B, 00, 74, 13, 41, 83, F9, 2D, 72, F1, 8D, 48, ED, 83, F9, 11, 77, 0E, 6A, 0D, 58, 5D, C3, 8B, 04, CD, CC, 2A, 4B, 00, 5D, C3, 05, 44, FF, FF, FF, 6A, 0E, 59, 3B, C8, 1B, C0, 23, C1, 83, C0, 08, 5D, C3, E8, E6, 54, 00, 00, 85, C0, 75, 06, B8, 30, 2C, 4B, 00, C3, 83, C0, 08, C3, E8, D3, 54, 00, 00, 85, C0, 75, 06, B8, 34, 2C, 4B, 00, C3, 83, C0, 0C, C3, 8B, FF, 55, 8B, EC, 56, E8, E2, FF, FF, FF...

Entropy:
6.1317

Code size:
581 KB (594,944 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to www.sft-pre.com  (46.28.209.62:443)

TCP (HTTP SSL):
Connects to 94.31.29.64.IPYX-077437-ZYO.above.net  (94.31.29.64:443)

TCP (HTTP SSL):
Connects to ec2-52-72-131-47.compute-1.amazonaws.com  (52.72.131.47:443)

TCP (HTTP SSL):
Connects to ec2-52-2-104-151.compute-1.amazonaws.com  (52.2.104.151:443)

TCP (HTTP SSL):
Connects to ec2-52-201-143-173.compute-1.amazonaws.com  (52.201.143.173:443)

TCP (HTTP SSL):
Connects to ec2-34-194-80-56.compute-1.amazonaws.com  (34.194.80.56:443)

TCP (HTTP SSL):
Connects to dmppixel-shared-mtc-c.evip.aol.com  (64.12.245.38:443)

TCP (HTTP SSL):
Connects to ec2-54-85-200-243.compute-1.amazonaws.com  (54.85.200.243:443)

TCP (HTTP SSL):
Connects to ec2-52-44-132-225.compute-1.amazonaws.com  (52.44.132.225:443)

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-01-sin6.fbcdn.net  (157.240.7.26:443)

TCP (HTTP SSL):
Connects to unknown.telstraglobal.net  (210.176.156.31:443)

TCP (HTTP SSL):
Connects to um-23.btrll.com  (103.40.110.247:443)

TCP (HTTP SSL):
Connects to s-prd-umpxl-adcom-scd-a.evip.aol.com  (152.163.13.4:443)

TCP (HTTP SSL):
Connects to server-54-230-162-215.jax1.r.cloudfront.net  (54.230.162.215:443)

TCP (HTTP SSL):
Connects to server-54-230-162-172.jax1.r.cloudfront.net  (54.230.162.172:443)

TCP (HTTP SSL):
Connects to server-54-230-162-169.jax1.r.cloudfront.net  (54.230.162.169:443)

TCP (HTTP SSL):
Connects to server-54-230-159-254.sin3.r.cloudfront.net  (54.230.159.254:443)

TCP (HTTP SSL):
Connects to server-54-230-159-22.sin3.r.cloudfront.net  (54.230.159.22:443)

TCP (HTTP SSL):
Connects to server-54-230-159-103.sin3.r.cloudfront.net  (54.230.159.103:443)

TCP (HTTP):
Connects to server-54-230-150-68.sin2.r.cloudfront.net  (54.230.150.68:80)
