cashfiesta.exe

FìestaBar

Cashfìesta.com

The application cashfiesta.exe, “FìestaBar Application”, has been detected as a potentially unwanted program by 13 anti-malware scanners. While running, it connects to the Internet address cashfiesta.com on port 80 using the HTTP protocol.
Publisher:
Cashfìesta.com

Product:
FìestaBar

Description:
FìestaBar Application

Version:
3, 0, 5, 140

MD5:
599acee4bceb0374a1329e850946e040

SHA-1:
f87d94d6a553ed926a5985906ccc7cd182b40b6a

SHA-256:
38cebe353f383254defef8450ca6ad4b22d38243523ab5e4862d60cfcf58cf43

Scanner detections:
13 / 68

Status:
Potentially unwanted

Analysis date:
4/19/2024 6:01:39 PM UTC

Scan engine             Detection                               Engine version
Avira AntiVirus         Adware/CashFiesta.aj.1                  7.11.125.192
Baidu Antivirus         Adware.Win32.CashFiesta                 4.0.3.131226
Clam AntiVirus          Adware.EarnCash                         0.98/18155
Comodo Security         ApplicUnwnt                             17641
ESET NOD32              Win32/Adware.CashFiesta.C application   7.0.302.0
IKARUS anti.virus       not-a-virus:AdWare.Win32.CashFiesta     t3scan.2.2.29
K7 AntiVirus            Riskware                                13.175.10881
Kaspersky               not-a-virus:AdWare.Win32.CashFiesta     14.0.0.4565
McAfee                  Artemis!599ACEE4BCEB                    5600.7270
Sophos                  Generic PUA PI                          4.96
Trend Micro House Call  TROJ_GEN.R0CBH07JE13                    7.2.360
Vba32 AntiVirus         AdWare.CashFiesta                       3.12.24.3
VIPRE Antivirus         Threat.4150696                          46962

File size:
2.7 MB (2,825,216 bytes)

Product version:
3, 0, 5, 140

Copyright:
© Copyright 2000-2012 Cashfìesta.com. All Rights Reserved.

Original file name:
Cashfìesta.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\cashfiesta\fiestabar\cashfiesta.exe

File PE Metadata
Compilation timestamp:
3/4/2013 7:10:20 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:B4P2OiuDDaNwtCJWXkOnxx8z/Sp3fiIDKDlR:B4PtiunGwtrXXxaSp3fiIOh

Entry address:
0x13B08E

Entry point:
E8, DD, 0F, 01, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 4D, 0C, 8B, 45, 08, 33, D2, 3B, CA, 74, 1C, 66, 39, 10, 74, 06, 83, C0, 02, 49, 75, F5, 3B, CA, 74, 0D, 66, 39, 10, 75, 08, 2B, 45, 08, D1, F8, 40, 5D, C3, 8B, 45, 0C, 5D, C3, 8B, FF, 55, 8B, EC, 83, EC, 30, A1, D0, C4, 64, 00, 33, C5, 89, 45, FC, 53, 56, 8B, 75, 0C, 57, 8B, 7D, 08, 33, DB, 89, 7D, D8, 89, 5D, F0, 3B, FB, 74, 0C, 39, 5D, 10, 75, 07, 33, C0, E9, 25, 02, 00, 00, 3B, F3, 75, 15, E8, 01, 13, 00, 00, C7, 00, 16, 00, 00, 00, E8, A3...
 

Code size:
1.7 MB (1,764,864 bytes)

User Start Menu Item
Name:
cashfiesta.exe


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to cashfiesta.com  (107.170.197.143:80)

TCP (HTTP):
Connects to ibncloud.xl.co.id  (112.215.105.153:80)

TCP (HTTP):
Connects to host-213.158.181.230.tedata.net  (213.158.181.230:80)
