AresMod.exe

Ares Mod for windows

Onekit Internet S,L

The application AresMod.exe by Onekit Internet S,L has been detected as adware by 4 anti-malware scanners. It runs as a scheduled task under the Windows Task Scheduler. While running, it connects to the Internet address 184-55-103-191.iparatodos.com.ar on port 49024.
Publisher:
Ares Development Group (signed by Onekit Internet S,L)

Product:
Ares Mod for windows

Version:
2.2.3.8

MD5:
0feacfdd07c44ebac9a390af31622698

SHA-1:
796ac709fa8eea310cb53ef4d8906963c011a66d

SHA-256:
7041aad89155172b8e319f29abd5860c60368cee64e8d97b66b6c79d4913fa3e

Scanner detections:
4 / 68

Status:
Adware

Analysis date:
12/31/2025 5:47:36 PM UTC

Scan engine          Detection                       Engine version
AVG                  MalSign.Skodna.Bundle.bb4       2014.0.3611
Comodo Security      Heur.Suspicious                 17045
Reason Heuristics    PUP.Task.OnekitInternetSL.H     14.8.7.21
VIPRE Antivirus      Onekit Installer                22062

File size:
3.2 MB (3,404,192 bytes)

Product version:
2.2.3

Copyright:
Onekit 2012

Trademarks:
Ares Development Team

Original file name:
AresMod.exe

File type:
Executable application (Win32 EXE)

Language:
English

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
4/17/2012 11:11:53 AM

Valid to:
4/18/2013 11:11:53 AM

Subject:
E=info@onekit.com, CN="Onekit Internet S,L", O="Onekit Internet S,L", L=Barcelona, S=Barcelona, C=ES

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121082E90950E0960FF7F21E2D20A9F1AF6

File PE Metadata
Compilation timestamp:
6/19/1992 11:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:/vxJEH2YcM0D3irSAyq4DlcmE3T1A2JRsYfQzbX:noi/cmE3Tb9QzbX

Entry address:
0x29A8BC

Entry point:
55, 8B, EC, B9, 04, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 51, 53, 56, 57, B8, 04, 9D, 69, 00, E8, 33, D0, D6, FF, 33, C0, 55, 68, CE, AB, 69, 00, 64, FF, 30, 64, 89, 20, A1, 90, 6A, 6A, 00, C6, 00, 01, 8D, 45, EC, E8, 4D, F3, FF, FF, 8B, 4D, EC, B8, 40, 4A, 6B, 00, BA, E8, AB, 69, 00, E8, BF, AA, D6, FF, A1, 40, 4A, 6B, 00, E8, 69, AC, D6, FF, 8B, D8, 53, 6A, 00, 68, 00, 00, 10, 00, E8, F2, D5, D6, FF, A3, 3C, 4A, 6B, 00, 83, 3D, 3C, 4A, 6B, 00, 00, 0F, 84, 92, 01, 00, 00, A1, 3C, 4A, 6B, 00, 50, E8, 75...

Developed / compiled with:
Microsoft Visual C++

Code size:
2.6 MB (2,727,424 bytes)

Scheduled Task
Task name:
{7B29EE1E-4AA8-4274-8EBD-D5B446773E97}

Trigger:
Registration (Runs on registration)

The executing file has been seen to make the following network communications in live environments.

