» www.presentuniverseapps.com
Overview
Analysis
IPs Addresses (17)
Downloads (4)
Network (2)

www.presentuniverseapps.com

Domain Information

Server location:

Washington, United States (US)

ASN:

AS16509 AMAZON-02 - Amazon.com, Inc.,US

Root domain:

presentuniverseapps.com

Scanner detections:

Malware distribution (100% detected)

Scan engine

Details

Detections

ESET NOD32

Win32/InstallCore.AFY potentially unwanted application, Win32/Sality.NBA virus

75.00%

McAfee

Artemis!01F7F52C5EE3, Artemis!57C8EDE2C92A, Virus.W32/Sality.gen.z

75.00%

Reason Heuristics

Adware.Bundler (M)

75.00%

Dr.Web

Adware.InstallCore.653, Win32.Sector.30

50.00%

AhnLab V3 Security

PUP/Win32.Downloader

50.00%

avast!

Win32:Malware-gen, Win32:SaliCode

50.00%

Vba32 AntiVirus

Malware-Cryptor.InstallCore.gen

25.00%

Fortinet FortiGate

Riskware/InstallCore

25.00%

Rising Antivirus

PE:Malware.Generic/QRS!1.9E2D [F]

25.00%

VIPRE Antivirus

Threat.4721115

25.00%

F-Prot

W32/Sality.gen2

25.00%

Microsoft Security Essentials

Threat.Undefined

25.00%

AVG

Win32/Sality

25.00%

Kaspersky

Virus.Win32.Sality

25.00%

Emsisoft Anti-Malware

Win32.Sality

25.00%

The domain www.presentuniverseapps.com has been seen to resolve to the following 17 IP addresses.

52.85.131.95

server-52-85-131-95.iad53.r.cloudfront.net

May 19, 2016

52.85.131.82

server-52-85-131-82.iad53.r.cloudfront.net

May 19, 2016

52.85.131.37

server-52-85-131-37.iad53.r.cloudfront.net

May 19, 2016

52.85.131.18

server-52-85-131-18.iad53.r.cloudfront.net

May 19, 2016

52.85.131.207

server-52-85-131-207.iad53.r.cloudfront.net

May 19, 2016

52.85.131.185

server-52-85-131-185.iad53.r.cloudfront.net

May 19, 2016

52.85.131.132

server-52-85-131-132.iad53.r.cloudfront.net

May 19, 2016

52.85.131.125

server-52-85-131-125.iad53.r.cloudfront.net

May 19, 2016

52.85.131.43

server-52-85-131-43.iad53.r.cloudfront.net

April 16, 2016

52.85.131.235

server-52-85-131-235.iad53.r.cloudfront.net

April 12, 2016

52.85.131.206

server-52-85-131-206.iad53.r.cloudfront.net

April 12, 2016

52.85.131.196

server-52-85-131-196.iad53.r.cloudfront.net

April 12, 2016

52.85.131.167

server-52-85-131-167.iad53.r.cloudfront.net

April 12, 2016

52.85.131.155

server-52-85-131-155.iad53.r.cloudfront.net

April 12, 2016

52.85.131.114

server-52-85-131-114.iad53.r.cloudfront.net

April 12, 2016

52.85.131.51

server-52-85-131-51.iad53.r.cloudfront.net

April 12, 2016

52.85.131.30

server-52-85-131-30.iad53.r.cloudfront.net

April 12, 2016

File downloads found at URLs served by www.presentuniverseapps.com.

12 / 68 (Infected)

http://www.presentuniverseapps.com/.../installer.exe (818fc78961d6c37f544bca87791228b9)

1 / 68 (Malware)

http://www.presentuniverseapps.com/.../installer.exe (76d3ba27f4a80aaf0172060fec1631e2)

6 / 68 (PUP)

http://www.presentuniverseapps.com/.../installer.exe (57c8ede2c92aefd75a3ee7e6d3aa4370)

7 / 68 (PUP)

http://www.presentuniverseapps.com/.../installer.exe (01f7f52c5ee319b71c1f0cf245b6da21)

The following 2 files have been seen to comunicate with www.presentuniverseapps.com in live environments.

TCP » 52.85.131.30:443

browser.exe (Browser)

TCP » 52.85.131.196:80

SimpleDriverUpdater.exe (Simple Driver Updater)

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.