cougar-messenger.exe

Cougar Messenger

Rentabiliweb

The application cougar-messenger.exe (“Cougar Messenger Notifier”, published by Rentabiliweb) was flagged as a potentially unwanted program by 1 of 68 anti-malware scanners; the single hit is a heuristic PUP signature, not a confirmed malware match, so on its own it is a low-confidence verdict and should be corroborated with the PE metadata and the network behaviour listed below before acting on it. While running, the file connects to vip1.carpediem.fr (91.226.182.241) on TCP port 80 using plain HTTP.
Publisher:
Rentabiliweb

Product:
Cougar Messenger

Description:
Cougar Messenger Notifier

Version:
3.9.8.10

MD5:
7898b7c31cc23603ac3f8220f0652d93

SHA-1:
b7234943994bf2474d5602749b070770d5a14a2c

SHA-256:
b5f38d13afe69820e0d2d3639b2b910b25e7c13d07f0a64f63c0b0af25f4a36a

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
2024-04-26 01:32:44 UTC

Scan engine         Detection                         Engine version
Reason Heuristics   PUP.Rentabiliweb.Messenger (L)    16.3.5.14

File size:
16.9 MB (17,700,912 bytes)

Product version:
3.9.8.10

Copyright:
Rentabiliweb Copyright © 2010

Original file name:
cougar-messenger.exe

File type:
Executable application (Win32 EXE)

Language:
French

Common path:
C:\Program Files\cougar-messenger\cougar-messenger.exe

File PE Metadata
Compilation timestamp:
10/15/2014 12:50:52 PM

OS version:
5.1 (minimum OS version from the optional header; Windows XP)

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0 (Microsoft linker shipped with Visual Studio 2010)

CTPH (ssdeep):
393216:iNQjIPIKsL3rsY0gV3jCkjQExJsv6tWKFdu9Cb:4PHgV3jCF8

Entry address:
0x8A9E91

Entry point:
E8, 81, D2, 00, 00, E9, 89, FE, FF, FF, B8, 5C, 7C, CB, 00, A3, 88, B4, 45, 01, C7, 05, 8C, B4, 45, 01, 52, 73, CB, 00, C7, 05, 90, B4, 45, 01, 06, 73, CB, 00, C7, 05, 94, B4, 45, 01, 3F, 73, CB, 00, C7, 05, 98, B4, 45, 01, A8, 72, CB, 00, A3, 9C, B4, 45, 01, C7, 05, A0, B4, 45, 01, D4, 7B, CB, 00, C7, 05, A4, B4, 45, 01, C4, 72, CB, 00, C7, 05, A8, B4, 45, 01, 26, 72, CB, 00, C7, 05, AC, B4, 45, 01, B2, 71, CB, 00, C3, 8B, FF, 55, 8B, EC, E8, 96, FF, FF, FF, 83, 7D, 08, 00, 74, 05, E8, 92, DD, 00, 00, DB...

Code size:
11.7 MB (12,259,328 bytes)
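Every field in the "File PE Metadata" block above is read straight from fixed offsets in the PE headers, and a triage script can pull the same fields without a third-party library. The example below is added here and is not code from the scan listing or from Rentabiliweb: it parses the COFF and optional headers with the Python standard library, maps the entry-point RVA to a file offset through the section table, and checks a file's digests against the MD5/SHA-1/SHA-256 values listed above. The sample image it builds is a constructed test fixture that carries the listing's header values (timestamp, linker 10.0, OS 5.1, GUI subsystem, entry RVA 0x8A9E91, first ten entry bytes); it is not the real 16.9 MB cougar-messenger.exe, so its digests will not match the listed ones.

```python
"""Added example (not the listing's own code): stdlib-only PE metadata triage."""
import hashlib
import struct
from datetime import datetime, timezone

# Digests copied from the scan listing above.
KNOWN_HASHES = {
    "md5": "7898b7c31cc23603ac3f8220f0652d93",
    "sha1": "b7234943994bf2474d5602749b070770d5a14a2c",
    "sha256": "b5f38d13afe69820e0d2d3639b2b910b25e7c13d07f0a64f63c0b0af25f4a36a",
}
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def parse_pe_metadata(data: bytes) -> dict:
    """Read the fields the listing reports from the PE headers (PE32 or PE32+)."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    (_machine, nsections, timestamp, _symtab, _nsyms,
     opt_size, _chars) = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                                       # IMAGE_OPTIONAL_HEADER
    magic, link_major, link_minor, code_size = struct.unpack_from("<HBBI", data, opt)
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]

    # Entry RVA -> file offset via the section that contains it.
    entry_bytes = b""
    sect = opt + opt_size
    for i in range(nsections):
        vsize, va, rawsize, rawptr = struct.unpack_from("<IIII", data, sect + i * 40 + 8)
        if va <= entry_rva < va + max(vsize, rawsize):
            off = rawptr + (entry_rva - va)
            entry_bytes = data[off:off + 16]
            break

    return {
        "bitness": {0x10B: "Win32", 0x20B: "Win64"}.get(magic, hex(magic)),
        "compiled": datetime.fromtimestamp(timestamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S UTC"),
        "linker": f"{link_major}.{link_minor}",
        "os_version": f"{os_major}.{os_minor}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "code_size": code_size,
        "entry_rva": entry_rva,
        "entry_bytes": entry_bytes.hex(" ").upper(),
    }


def matching_hashes(data: bytes, known: dict = KNOWN_HASHES) -> set:
    """Names of the listed digests that this file's bytes reproduce."""
    digests = {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }
    return {name for name, value in digests.items() if known.get(name) == value}


def build_sample_pe() -> bytes:
    """CONSTRUCTED minimal PE32 image carrying the listing's header values.
    A test fixture only; not the real cougar-messenger.exe."""
    compiled = int(datetime(2014, 10, 15, 12, 50, 52, tzinfo=timezone.utc).timestamp())
    entry_rva, text_va, text_raw = 0x8A9E91, 0x8A9000, 0x200
    # First ten entry bytes from the listing: call rel32 followed by jmp rel32,
    # the shape of the MSVC CRT startup stub.
    entry_stub = bytes.fromhex("E881D20000E989FEFFFF")

    dos = (b"MZ" + b"\0" * 58 + struct.pack("<I", 0x80)).ljust(0x80, b"\0")  # e_lfanew = 0x80
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, compiled, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<HBBI", opt, 0, 0x10B, 10, 0, 12_259_328)  # PE32, linker 10.0, SizeOfCode
    struct.pack_into("<I", opt, 16, entry_rva)                    # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)                     # ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)               # section / file alignment
    struct.pack_into("<HH", opt, 40, 5, 1)                        # MajorOS/MinorOS = 5.1
    struct.pack_into("<HH", opt, 48, 5, 1)                        # subsystem version
    struct.pack_into("<H", opt, 68, 2)                            # IMAGE_SUBSYSTEM_WINDOWS_GUI
    section = b".text\0\0\0" + struct.pack("<IIIIIIHHI", 0x1000, text_va, 0x1000, text_raw,
                                           0, 0, 0, 0, 0x60000020)
    headers = (dos + coff + bytes(opt) + section).ljust(text_raw, b"\0")
    body = bytearray(0x1000)
    body[entry_rva - text_va:entry_rva - text_va + len(entry_stub)] = entry_stub
    return headers + bytes(body)


if __name__ == "__main__":
    sample = build_sample_pe()
    for key, value in parse_pe_metadata(sample).items():
        print(f"{key:12} {value}")
    print("listed-hash matches:", matching_hashes(sample) or "none")
```

Running it on the real file (`parse_pe_metadata(open(path, "rb").read())`) reproduces the timestamp, linker, OS version, subsystem and entry bytes shown in the listing; a hash match against `KNOWN_HASHES` is the only check here that identifies this exact build, since metadata fields are trivially copied between samples.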

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to vip1.carpediem.fr  (91.226.182.241:80)
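The network indicator above is the most useful pivot for finding installs across a fleet: an outbound HTTP request to vip1.carpediem.fr, or to 91.226.182.241 on port 80, from a workstation. The example below is added here and is not part of the scan listing: it scans proxy log lines in the Squid native access.log layout and reports every client that reached the host or the IP, flagging separately whether the match was on the hostname, on the resolved peer IP, or on a direct-to-IP CONNECT. The log lines are constructed sample data, not real traffic, and the IP is the one the host resolved to at analysis time, which may have changed since, so the hostname match is the more durable of the two.

```python
"""Added example (not from the listing): match the network IOC against proxy logs."""
import ipaddress
import re
import urllib.parse

# Indicator from the listing; the IP is the resolution seen at analysis time.
IOC_HOST = "vip1.carpediem.fr"
IOC_IP = ipaddress.ip_address("91.226.182.241")
IOC_PORT = 80

# CONSTRUCTED sample lines in Squid native access.log format (not real traffic):
# time elapsed client code/status bytes method url user hierarchy/peer type
SAMPLE_LOG = """\
1714093964.102    118 10.0.0.23 TCP_MISS/200 512 GET http://vip1.carpediem.fr/notify - HIER_DIRECT/91.226.182.241 text/plain
1714093970.551     40 10.0.0.23 TCP_MISS/200 2048 GET http://www.example.org/ - HIER_DIRECT/93.184.216.34 text/html
1714094012.007    200 10.0.0.41 TCP_TUNNEL/200 7712 CONNECT 91.226.182.241:80 - HIER_DIRECT/91.226.182.241 -
1714094100.314     39 10.0.0.52 TCP_MISS/404 300 GET http://cdn.example.net/x.js - HIER_DIRECT/198.51.100.9 application/javascript
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+\d+\s+(?P<client>\S+)\s+\S+\s+\d+\s+(?P<method>\S+)\s+"
    r"(?P<url>\S+)\s+\S+\s+\S+/(?P<peer>\S+)\s+\S+$"
)


def url_host_port(method: str, url: str) -> tuple:
    """Target host and port: 'host:port' for CONNECT, otherwise taken from the URL."""
    if method == "CONNECT":
        host, _, port = url.rpartition(":")
        return host, int(port)
    parsed = urllib.parse.urlsplit(url)
    return (parsed.hostname or "").lower(), parsed.port or (443 if parsed.scheme == "https" else 80)


def find_ioc_hits(log_text: str) -> list:
    """Return one record per log line that touches the IOC, with the reasons it matched."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparsable line: skip rather than silently mis-attribute
        host, port = url_host_port(m["method"], m["url"])
        reasons = []
        if host == IOC_HOST and port == IOC_PORT:
            reasons.append("host")
        try:
            if ipaddress.ip_address(m["peer"]) == IOC_IP:
                reasons.append("peer-ip")
        except ValueError:
            pass  # peer field was a hostname or '-', not an address
        if host == str(IOC_IP):
            reasons.append("direct-ip")
        if reasons:
            hits.append({"ts": m["ts"], "client": m["client"], "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in find_ioc_hits(SAMPLE_LOG):
        print(f'{hit["ts"]} {hit["client"]} matched on {", ".join(hit["reasons"])}')
```

The distinct clients in the output are the hosts to check for `C:\Program Files\cougar-messenger\cougar-messenger.exe` and the listed hashes; a "peer-ip" hit without a "host" hit means the address was reached under a different name (or by IP), which is worth a closer look since the IP may now serve unrelated content.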

Remove cougar-messenger.exe - Powered by Reason Core Security