home

secure.distapp19.com

Domain Information

Server location:
Virginia, United States (US)

ASN:
AS14618 AMAZON-AES - Amazon.com, Inc.,US

Root domain:
distapp19.com

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.Adknowledge, Threat.Win.Reputation.IMP, PUP.Bundler.Adknowledge, PUP.InstallCore.Adknowledge.Installer (M), PUP.Performersoft.F11LSoft.Bundler (M), PUP.Adknowledge.Inertwar.Bundler (M), PUP.Adknowledge.SailMach.Bundler (M), PUP.Adknowledge (M)
100.00%

Dr.Web
Trojan.DownLoader12.15685, Trojan.iBryte.412, Trojan.iBryte.510
40.00%

VIPRE Antivirus
Threat.4798837
40.00%

F-Secure
Adware.Ibryte.BM, Gen:Variant.Adware.Strictor.78222, Gen:Trojan.Heur.TP.hs1@bqmyjlji
40.00%

Lavasoft Ad-Aware
Adware.Ibryte.BM, Gen:Variant.Adware.Strictor.78222, Gen:Trojan.Heur.TP.hs1@bqmyjlji
40.00%

Emsisoft Anti-Malware
Adware.Ibryte.BM, Gen:Variant.Adware.Strictor.78222, Gen:Trojan.Heur.TP.hs1@bqmyjlji
40.00%

ESET NOD32
Win32/Adware.iBryte.BY application, Win32/Adware.iBryte.BX application, Win32/Adware.iBryte.CC application
40.00%

AVG
Adware AdPlugin.CIO, Adware AdPlugin.CMK
40.00%

MicroWorld eScan
Adware.Ibryte.BM, Gen:Variant.Adware.Strictor.78222, Gen:Trojan.Heur.TP.hs1@bqmyjlji
40.00%

Bitdefender
Adware.Ibryte.BM, Gen:Variant.Adware.Strictor.78222, Gen:Trojan.Heur.TP.hs1@bKjSRvji, Gen:Trojan.Heur.TP.hs1@byohH2ei
40.00%

G Data
Adware.Ibryte.BM, Gen:Variant.Adware.Strictor.78222, Gen:Trojan.Heur.TP.hs1@bKjSRvji, Gen:Trojan.Heur.TP.hs1@byohH2ei
40.00%

NANO AntiVirus
Trojan.Win32.DownLoader12.dnihtg, Riskware.Win32.IBryte.dnwisu, Riskware.Win32.ArchSMS.domsyg
40.00%

Norman
IBryte.URL, Gen:Trojan.Heur.TP.hs1@bqmyjlji
40.00%

Avira AntiVirus
Adware/iBryte.bxpj, ADWARE/Adware.Gen7
30.00%

Panda Antivirus
Generic Suspicious, Trj/Genetic.gen
30.00%

The domain secure.distapp19.com has been seen to resolve to the following 2 IP addresses.

54.243.183.125
ec2-54-243-183-125.compute-1.amazonaws.com
February 15, 2015

54.243.186.169
ec2-54-243-186-169.compute-1.amazonaws.com
February 15, 2015

File downloads found at URLs served by secure.distapp19.com.

1 / 68      (Adware)
http://secure.distapp19.com/o/.../rootgenius.exe  (19f41fe486c6ae5870b827c3f55ec3d6)

1 / 68      (Adware)
http://secure.distapp19.com/o/.../panguv8setup.exe  (9fbba91ad8f84de937668451e8515917)

1 / 68      (Adware)
http://secure.distapp19.com/o/.../Odinv3.09_Setup.exe  (e174778e2e77bb267b95cd9b63680fdd)

1 / 68      (Adware)
http://secure.distapp19.com/o/.../Odin_Setup.exe  (1610039819c0cf2a7564fdc99c96eb6f)

1 / 68      (Adware)
http://secure.distapp19.com/o/.../setup.exe  (cf49751611483e7d9d03a2fca8e8acad)

1 / 68      (Adware)
http://secure.distapp19.com/o/.../Odinv3.09_Setup.exe  (cb52baa89e53ef6f1442730d00ffa17d)

25 / 68    (Adware)
http://secure.distapp19.com/o/.../Odinv3.09_Setup.exe  (c8ffe9f9ca4c61e0174073a8f664dea0)

25 / 68    (Adware)
http://secure.distapp19.com/o/.../Odinv3.09_Setup.exe  (367c22c576885119961162246416f62d)

22 / 68    (PUP)
http://secure.distapp19.com/o/.../Odinv3.09_Setup.exe  (d16437aee69a9569203e8492fd1cb59e)

19 / 68    (Adware)
http://secure.distapp19.com/o/.../rootgenius.exe  (6c233c75297deddc32eb43736b34f6da)

The following 5 files have been seen to comunicate with secure.distapp19.com in live environments.

TCP » 54.243.183.125:80
bmanager.exe

TCP » 54.243.183.125:80
havij.exe (Swift Installer)

TCP » 54.243.183.125:80
havij.exe (Swift Installer)

TCP » 54.243.183.125:80
889cfdf53ed361b978a97984afb04aa93fb721bd (Software Installer)

TCP » 54.243.186.169:80
setup.exe (Software Installer)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.