Ares Catcher.exe

Ares Catcher

Onekit Internet S,L

The application Ares Catcher.exe by Onekit Internet S,L has been detected as adware by 3 anti-malware scanners. This file is typically installed with the program AresCatcher by Onekit. It uses the InstallCore engine which may bundle additional software offers including toolbars and browser extensions. While running, it connects to the Internet address xx-fbcdn-shv-01-fra3.fbcdn.net on port 443.
Publisher:
Onekit Internet S,L  (signed and verified)

Product:
Ares Catcher

Version:
2.1.5.0

MD5:
087e528bad4fd200d031c7419a5ce073

SHA-1:
ab64ce4f6fcf4cacf3afb9d4eba2b971c53e04ba

SHA-256:
e5da04bf615e1fe295da58d5b6a058acfa819063e329ca4ccea95e61788c06eb

Scanner detections:
3 / 68

Status:
Adware

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
4/26/2024 4:35:12 AM UTC

Scan engine         | Detection                  | Engine version
--------------------|----------------------------|---------------
Baidu Antivirus     | Adware.Win32.InstallCore   | 4.0.3.141111
Reason Heuristics   | PUP.OnekitInternetSL.M     | 14.11.11.20
VIPRE Antivirus     | Onekit Installer           | 33838

File size:
192.3 KB (196,928 bytes)

Product version:
2.1.5.0

Original file name:
Ares Catcher.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\arescatcher\ares catcher.exe

Digital Signature
Authority:
GlobalSign nv-sa

Subject:
E=info@onekit.com, CN="Onekit Internet S,L", O="Onekit Internet S,L", L=Cerdanyola Del Valles, S=Barcelona, C=ES

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11216C6B688869B7980323D94C3965BBB528

File PE Metadata
OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:0im4M6wyPwAVc6EDXl3MfmEZ29ftmISbEpARNOuN20KnxicA8:/GyICBwVyR2aNOuN20KnxicA8

Entry address:
0x2EA4E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
5.6790

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
179 KB (183,296 bytes)

The file Ares Catcher.exe has been discovered within the following program.

AresCatcher  by Onekit
About 2% of users remove it

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to centos6151163.aspadmin.net  (71.6.151.163:80)

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-01-fra3.fbcdn.net  (31.13.93.7:443)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-frt3.facebook.com  (31.13.92.36:443)

TCP (HTTP):
Connects to xx-fbcdn-shv-01-mia1.fbcdn.net  (31.13.73.7:80)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-mia1.facebook.com  (31.13.73.36:443)

TCP (HTTP SSL):
Connects to um-21.btrll.com  (162.208.22.39:443)

TCP (HTTP SSL):
Connects to server-52-85-142-46.iad12.r.cloudfront.net  (52.85.142.46:443)

TCP (HTTP SSL):
Connects to 81.140.46.186.static.pichincha.andinanet.net  (186.46.140.81:443)

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-01-eze1.fbcdn.net  (31.13.94.24:443)

TCP (HTTP SSL):
Connects to rtr3.l7.search.vip.bf1.yahoo.com  (63.250.200.63:443)

TCP (HTTP SSL):
Connects to pr-bh.pbp.vip.bf1.yahoo.com  (72.30.2.182:443)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-eze1.facebook.com  (31.13.94.35:443)

TCP (HTTP SSL):
Connects to ec2-75-101-141-47.compute-1.amazonaws.com  (75.101.141.47:443)

TCP (HTTP SSL):
Connects to ec2-54-219-155-197.us-west-1.compute.amazonaws.com  (54.219.155.197:443)

TCP (HTTP SSL):
Connects to ec2-52-52-10-156.us-west-1.compute.amazonaws.com  (52.52.10.156:443)

TCP (HTTP SSL):
Connects to ec2-52-204-186-174.compute-1.amazonaws.com  (52.204.186.174:443)

TCP (HTTP SSL):
Connects to 238.14.148.146.bc.googleusercontent.com  (146.148.14.238:443)
