bartvpn.exe

BartVPN

Red Sky Sp. z o.o.

The application bartvpn.exe by Red Sky Sp. z o.o. has been flagged as a potentially unwanted program (PUP) by 1 of 68 anti-malware scanners. The single detection is a heuristic one (PUP.Optional.RedSkySpzoo.H from Reason Heuristics), so the file is rated potentially unwanted rather than confirmed malicious. While running, it connects to the Internet address host-01.aorta.pl (178.63.212.100) on port 443.
Publisher:
RedSky Sp. z o.o. (signed by Red Sky Sp. z o.o.)

Product:
BartVPN

Version:
1.1.606

MD5:
444ddf1a756e83b8e1422d53ccdeae7d

SHA-1:
90aec169a657216ea76381a0e4c4743c64a498d3

SHA-256:
cd584051e32635b6165fb7c60d6da13f7c5bf777bd0536028a1a9b2a908ea08d

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
5/7/2024 9:16:00 PM UTC

Scan engine          Detection                     Engine version
Reason Heuristics    PUP.Optional.RedSkySpzoo.H    14.11.11.14

File size:
2 MB (2,115,680 bytes)

Product version:
1.0

Copyright:
RedSky Sp. z o.o.

Original file name:
BartVPN

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\bartvpn\bartvpn.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
3/28/2014 1:00:00 AM

Valid to:
3/29/2015 12:59:59 AM (expired by the analysis date; Authenticode still accepts a signature from an expired certificate only when it carries a timestamp countersignature made within the validity period, which this report does not show)

Subject:
CN=Red Sky Sp. z o.o., OU=Red Sky, O=Red Sky Sp. z o.o., POBox=71-064, STREET=Aleja Piastow 22, L=Szczecin, S=zachodniopomorskie, PostalCode=71-064, C=PL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00AF74AE06E658887C8B6B42539F3FA758

File PE Metadata
Compilation timestamp:
10/13/2014 8:47:00 AM (inside the signing certificate's validity window)

OS version:
5.1 (minimum required OS recorded in the optional header; 5.1 is Windows XP)

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0 (Visual Studio 2010 toolchain)

CTPH (ssdeep):
49152:oCVSnwiTrXeIhdlSDgDzLBEoGVT55r6bvn3Fq37v:ojwi2wEDgXL+oqTXcv3F8

Entry address:
0x5E329

Entry point (first bytes at the entry address; the leading E8 ... / E9 ... pair decodes to a call followed by a jmp, the usual MSVC CRT startup stub, so these bytes are not a distinctive signature for this file):
E8, B5, 04, 00, 00, E9, 63, FD, FF, FF, CC, FF, 25, 24, E1, 46, 00, FF, 25, 1C, E1, 46, 00, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 18, 80, 5B, 00, 89, 0D, 14, 80, 5B, 00, 89, 15, 10, 80, 5B, 00, 89, 1D, 0C, 80, 5B, 00, 89, 35, 08, 80, 5B, 00, 89, 3D, 04, 80, 5B, 00, 66, 8C, 15, 30, 80, 5B, 00, 66, 8C, 0D, 24, 80, 5B, 00, 66, 8C, 1D, 00, 80, 5B, 00, 66, 8C, 05, FC, 7F, 5B, 00, 66, 8C, 25, F8, 7F, 5B, 00, 66, 8C, 2D, F4, 7F, 5B, 00, 9C, 8F, 05, 28, 80, 5B, 00, 8B, 45, 00, A3, 1C, 80, 5B, 00, 8B, 45...

Code size:
433.5 KB (443,904 bytes)
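The hashes, certificate window and PE header fields above can all be checked against a local copy of the file. The following script is an added example, not part of this report or of Red Sky's software: it recomputes the three listed digests and reads the compile timestamp, OS version, subsystem, linker version, entry address and code size straight from the PE32 headers with the standard library only, then flags whether the compile timestamp falls inside the signing certificate's validity window. The `SAMPLE_PE` it builds is a constructed minimal header carrying the report's values, not the real bartvpn.exe; pass a real path on the command line to analyse an actual file.

```python
"""Added example: recompute the report's hashes and read its PE header fields.
The sample PE is constructed, not the real bartvpn.exe."""
import hashlib
import struct
from datetime import datetime, timezone

# Values copied from the report.
REPORTED_HASHES = {
    "md5": "444ddf1a756e83b8e1422d53ccdeae7d",
    "sha1": "90aec169a657216ea76381a0e4c4743c64a498d3",
    "sha256": "cd584051e32635b6165fb7c60d6da13f7c5bf777bd0536028a1a9b2a908ea08d",
}
REPORTED_COMPILE_TIME = datetime(2014, 10, 13, 8, 47, tzinfo=timezone.utc)
# Code-signing certificate validity window from the report (assumed to be UTC).
CERT_VALID_FROM = datetime(2014, 3, 28, 1, 0, tzinfo=timezone.utc)
CERT_VALID_TO = datetime(2015, 3, 29, 0, 59, 59, tzinfo=timezone.utc)

SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def verify_hashes(data: bytes, expected: dict = REPORTED_HASHES) -> dict:
    """Return {algorithm: True/False} for each reported digest."""
    return {alg: hashlib.new(alg, data).hexdigest() == digest.lower()
            for alg, digest in expected.items()}


def parse_pe_header(data: bytes) -> dict:
    """Extract the header fields shown in the report from a PE32 image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, _, timestamp, _, _, _, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    # Optional header: Magic, Major/MinorLinkerVersion, SizeOfCode,
    # SizeOfInitializedData, SizeOfUninitializedData, AddressOfEntryPoint
    magic, lnk_major, lnk_minor, code_size, _, _, entry_rva = struct.unpack_from("<HBBIIII", data, opt)
    if magic != 0x10B:
        raise ValueError(f"optional header magic 0x{magic:X} is not PE32")
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)  # Major/MinorOperatingSystemVersion
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)         # Subsystem
    compiled = datetime.fromtimestamp(timestamp, tz=timezone.utc)
    return {
        "machine": "Win32" if machine == 0x14C else f"0x{machine:X}",
        "compile_time": compiled,
        "os_version": f"{os_major}.{os_minor}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "linker_version": f"{lnk_major}.{lnk_minor}",
        "entry_address": f"0x{entry_rva:X}",
        "code_size": code_size,
        # Plausibility check: a compile time outside the certificate's window
        # points at a forged timestamp or a binary re-signed long after build.
        "compiled_within_cert_validity": CERT_VALID_FROM <= compiled <= CERT_VALID_TO,
    }


def build_sample_pe(timestamp: int, linker=(10, 0), os_ver=(5, 1), subsystem=2,
                    entry=0x5E329, code_size=443_904) -> bytes:
    """Construct a minimal PE32 header with the report's values (not the real file)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)  # e_lfanew -> PE signature right after the DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, 0, timestamp, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<HBBIIII", opt, 0, 0x10B, linker[0], linker[1], code_size, 0, 0, entry)
    struct.pack_into("<HH", opt, 40, os_ver[0], os_ver[1])
    struct.pack_into("<H", opt, 68, subsystem)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


SAMPLE_PE = build_sample_pe(int(REPORTED_COMPILE_TIME.timestamp()))

if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_PE
    print("hash matches:", verify_hashes(data))
    for key, value in parse_pe_header(data).items():
        print(f"{key:>30}: {value}")
```

Running it without arguments parses the constructed header and reports every hash as a mismatch, which is the expected result for anything other than the real file; against a real sample, all three digests must match before the rest of the report is treated as describing that file.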

The executing file has been observed making the following network connection in live environments:

TCP (HTTPS, port 443):
Connects to host-01.aorta.pl  (178.63.212.100:443)
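The host, IP:port and common install path listed on this page are the indicators a responder would sweep endpoint telemetry for. The script below is an added example, not part of this report: it matches those three indicators against network-connection events, turning the report's `{user}` path placeholder into a one-segment wildcard so any profile directory matches. The log lines are constructed for the demonstration, in a flattened Sysmon Event ID 3 key=value form; the `parse_event()` function is the only part that needs adapting to a real Sysmon or EDR export.

```python
"""Added example: sweep constructed network-connection events for the report's indicators."""
import re

# Indicators copied from the report.
IOC_HOST = "host-01.aorta.pl"
IOC_ADDR = ("178.63.212.100", 443)
COMMON_PATH = r"C:\users\{user}\appdata\local\bartvpn\bartvpn.exe"

# The report's {user} placeholder becomes a wildcard for exactly one path segment.
PATH_RE = re.compile(
    "^" + re.escape(COMMON_PATH).replace(re.escape("{user}"), r"[^\\]+") + "$",
    re.IGNORECASE,
)

# key=value pairs; the lookahead lets values (such as paths) contain spaces.
KV_RE = re.compile(r"(\w+)=(.*?)(?= \w+=|$)")

# Constructed sample events (not real telemetry), Sysmon Event ID 3 fields flattened.
SAMPLE_EVENTS = [
    "UtcTime=2024-05-07T21:10:02 Image=C:\\Users\\alice\\AppData\\Local\\BartVPN\\bartvpn.exe "
    "DestinationIp=178.63.212.100 DestinationPort=443 DestinationHostname=host-01.aorta.pl",
    "UtcTime=2024-05-07T21:10:05 Image=C:\\Program Files\\Mozilla Firefox\\firefox.exe "
    "DestinationIp=93.184.216.34 DestinationPort=443 DestinationHostname=example.com",
    "UtcTime=2024-05-07T21:11:40 Image=C:\\Windows\\Temp\\svc.exe "
    "DestinationIp=178.63.212.100 DestinationPort=443 DestinationHostname=-",
    "UtcTime=2024-05-07T21:12:13 Image=C:\\Users\\bob\\AppData\\Local\\BartVPN\\bartvpn.exe "
    "DestinationIp=10.0.0.5 DestinationPort=53 DestinationHostname=-",
]


def parse_event(line: str) -> dict:
    """Split a flattened event line into a field dictionary."""
    return dict(KV_RE.findall(line))


def match_event(event: dict) -> list:
    """Return the names of the report indicators this event matches."""
    hits = []
    if event.get("DestinationHostname", "").lower() == IOC_HOST:
        hits.append("hostname")
    if (event.get("DestinationIp"), int(event.get("DestinationPort", 0))) == IOC_ADDR:
        hits.append("ip:port")
    if PATH_RE.match(event.get("Image", "")):
        hits.append("image path")
    return hits


def scan(lines) -> list:
    """Return (time, image, matched indicators) for every event that hits at least one indicator."""
    results = []
    for line in lines:
        event = parse_event(line)
        hits = match_event(event)
        if hits:
            results.append((event["UtcTime"], event["Image"], hits))
    return results


if __name__ == "__main__":
    for when, image, hits in scan(SAMPLE_EVENTS):
        print(f"{when}  {image}  <- {', '.join(hits)}")
```

Each indicator carries different weight: a hostname plus IP:port plus image-path hit from the expected install location is the behaviour this report describes, while an IP:port-only hit from an unrelated image is a lead that needs the destination and the process examined before acting on it. For a VPN client, an outbound TLS connection on port 443 is also the product's normal behaviour, so the indicators here are more useful for scoping where the program is installed than as evidence of compromise on their own.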

Powered by Reason Core Security