ContentSinder.exe

ContentSinder

ContentSinder Company

The application ContentSinder.exe has been detected as a potentially unwanted program by 4 anti-malware scanners. While running, it connects to the Internet address s1.domeinwinkel.nl on port 80 using the HTTP protocol.
Publisher:
ContentSinder Company

Product:
ContentSinder

Version:
3.8.4.0

MD5:
f16552ea088cddebdb13f3ecdaf66374

SHA-1:
eba2ad728ecf70d9e9d9e58475b5342968612f85

SHA-256:
9d0ae7db6bdc8cad926221d6a41f492db09b391cf852a5c0bb52288f378ae2f0

Scanner detections:
4 / 68

Status:
Potentially unwanted

Analysis date:
11/21/2017 10:12:09 PM UTC

Scanner detections (scan engine, detection name, engine version):

Baidu Antivirus:
PUA.Win32.SoundFrost (engine version 4.0.3.15620)

ESET NOD32:
Win32/SoundFrost.E potentially unwanted (variant) (engine version 9.11802)

Trend Micro House Call:
Suspicious_GEN.F47V0617 (engine version 7.2.171)

VIPRE Antivirus:
Trojan.Win32.Generic (engine version 42064)

File size:
107.5 KB (110,080 bytes)

Product version:
3.8.4.0

Copyright:
Copyright (C) 2005-2014

Original file name:
ContentSinder.exe

File type:
Executable application (Win32 EXE)

Language:
Russian (Russia)

Common path:
C:\users\{user}\appdata\local\contentsinder.exe

File PE Metadata
Compilation timestamp:
5/19/2015 8:35:48 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
1536:+y7AUbA2kmVdRSxnqhjX7hmFiAFOAaxM/N33:L7At2+nqhjX7hCFOAaxO33

Entry address:
0x4110

Entry point:
E8, 8E, 04, 00, 00, E9, 63, FD, FF, FF, FF, 25, A8, 60, 40, 00, FF, 25, A4, 60, 40, 00, FF, 25, A0, 60, 40, 00, CC, CC, CC, CC, 68, 89, 41, 40, 00, 64, FF, 35, 00, 00, 00, 00, 8B, 44, 24, 10, 89, 6C, 24, 10, 8D, 6C, 24, 10, 2B, E0, 53, 56, 57, A1, 60, B1, 40, 00, 31, 45, FC, 33, C5, 50, 89, 65, E8, FF, 75, F8, 8B, 45, FC, C7, 45, FC, FE, FF, FF, FF, 89, 45, F8, 8D, 45, F0, 64, A3, 00, 00, 00, 00, C3, 8B, 4D, F0, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, C3, 8B, FF, 55, 8B, EC, FF, 75...

Entropy:
4.8343

Code size:
16.5 KB (16,896 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to customer.worldstream.nl  (217.23.7.144:80)

TCP (HTTP):
Connects to ec2-34-195-16-32.compute-1.amazonaws.com  (34.195.16.32:80)

TCP (HTTP):
Connects to a23-76-250-202.deploy.static.akamaitechnologies.com  (23.76.250.202:80)

TCP (HTTP):
Connects to server-54-192-55-245.jfk6.r.cloudfront.net  (54.192.55.245:80)

TCP (HTTP):
Connects to server-54-192-55-214.jfk6.r.cloudfront.net  (54.192.55.214:80)

TCP (HTTP):
Connects to server-54-192-55-168.jfk6.r.cloudfront.net  (54.192.55.168:80)

TCP (HTTP):
Connects to server-54-192-55-165.jfk6.r.cloudfront.net  (54.192.55.165:80)

TCP (HTTP):
Connects to li1452-235.members.linode.com  (139.162.39.235:80)

TCP (HTTP):
Connects to hosting01.servidoresdns.net  (217.76.128.34:80)

TCP (HTTP):
Connects to algartelecom-ula001.cache.google.com  (201.16.134.113:80)

TCP (HTTP):
Connects to a201-016-134-048.deploy.akamaitechnologies.com  (201.16.134.48:80)

TCP (HTTP):
Connects to 201-048-053-025.static.ctbc.com.br  (201.48.53.25:80)

TCP (HTTP):
Connects to s3-website-us-east-1.amazonaws.com  (52.216.1.58:80)

TCP (HTTP SSL):
Connects to www.united-domains.de  (89.31.137.100:443)

TCP (HTTP):
Connects to ve11.gconex.net  (190.9.34.132:80)

TCP (HTTP):
Connects to unassigned.psychz.net  (104.217.0.118:80)

TCP (HTTP):
Connects to unallocated.barefruit.co.uk  (92.242.142.8:80)

TCP (HTTP):
Connects to static.95.7.243.136.clients.your-server.de  (136.243.7.95:80)

TCP (HTTP):
Connects to server-54-230-81-203.mia50.r.cloudfront.net  (54.230.81.203:80)

TCP (HTTP):
Connects to server-54-230-81-197.mia50.r.cloudfront.net  (54.230.81.197:80)

Remove ContentSinder.exe - Powered by Reason Core Security