home

Free Torrent Opener.exe

Free Torrent Opener Module

Honlyn (Macao Commercial Offshore) Limited

The application Free Torrent Opener.exe by Honlyn (Macao Commercial Offshore) Limited has been detected as a potentially unwanted program by 2 anti-malware scanners. While running, it connects to the Internet address jmc1835555.lnk.telstra.net on port 22402.
Publisher:
Tripro Limited  (signed by Honlyn (Macao Commercial Offshore) Limited)

Product:
Free Torrent Opener Module

Version:
1, 0, 0, 1

MD5:
9f3e64068adbc362f912586eccc12291

SHA-1:
308154f39cf1b6aadb9ae14f8e76acb9ce592eff

SHA-256:
d5955253abf0f0d73ad33509cff7a687d5c15a91d21c1431f6b216bd8610021a

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
4/19/2024 12:49:06 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Win32.Generic.HonlynMacaoCommercialOffshore.Meta
15.10.22.8

Rising Antivirus
PE:Malware.RDM.38!5.2C[F1]
23.00.65.151020

File size:
6.6 MB (6,875,448 bytes)

Product version:
1, 0, 0, 1

Copyright:
Copyright 2013

Original file name:
Free Torrent Opener.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\free torrent opener\free torrent opener.exe

Digital Signature
Signed by:
Honlyn (Macao Commercial Offshore) Limited

Authority:
Symantec Corporation

Valid from:
9/8/2015 4:00:00 AM

Valid to:
10/8/2017 3:59:59 AM

Subject:
CN=Honlyn (Macao Commercial Offshore) Limited, O=Honlyn (Macao Commercial Offshore) Limited, L=Macau, S=Macau, C=MO

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
4BC4BDE05163DF071B194A0EB664470F

File PE Metadata
Compilation timestamp:
10/15/2015 2:41:01 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
98304:DifjDtTjk1fvq+E9Gl0n/t3WUK/5vfl7lXgY+innsMJ5:+HBhOxN7nsMJ5

Entry address:
0x367D6F

Entry point:
E8, CB, 47, 01, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 10, 56, 8B, 75, 08, 57, 33, FF, 89, 7D, FC, 3B, F7, 75, 1E, E8, 94, 31, 00, 00, 6A, 16, 5E, 57, 57, 57, 57, 57, 89, 30, E8, 2A, BE, FF, FF, 83, C4, 14, 8B, C6, E9, 0B, 02, 00, 00, 6A, 24, 68, FF, 00, 00, 00, 56, E8, 66, 90, FF, FF, 8B, 45, 0C, 83, C4, 0C, 3B, C7, 74, CB, 8B, 08, 8B, 40, 04, 83, F8, FF, 89, 4D, F0, 89, 45, F4, 7F, 16, 7C, 08, 81, F9, 40, 57, FF, FF, 73, 0C, E8, 45, 31, 00, 00, 6A, 16, 5E, 89, 30, EB, BC, 83, F8, 07, 7C, 0A...
 
[+]

Code size:
4.4 MB (4,585,472 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP:
Connects to thisis.feralhosting.com  (185.21.216.159:49166)

TCP:
Connects to sp-198-254.tm.net.my  (210.187.198.254:48974)

TCP:
Connects to pc-50-215-162-190.cm.vtr.net  (190.162.215.50:1180)

TCP:
Connects to ks-111-246.tm.net.my  (219.92.111.246:6881)

TCP:
Connects to i25058.upc-i.chello.nl  (62.195.25.58:54364)

TCP:
Connects to host-197.46.70.161.tedata.net  (197.46.70.161:35363)

TCP:
Connects to host-184-167-130-98.cdc-ut.client.bresnan.net  (184.167.130.98:24090)

TCP:
Connects to CPE-124-188-27-84.pqrn1.win.bigpond.net.au  (124.188.27.84:55145)

TCP:
Connects to bd237f02.virtua.com.br  (189.35.127.2:25454)

TCP:
Connects to bba101319.alshamil.net.ae  (217.164.226.227:42893)

TCP:
Connects to bacfa6dd.virtua.com.br  (186.207.166.221:42191)

TCP:
Connects to b1c0f9d9.virtua.com.br  (177.192.249.217:7048)

TCP:
Connects to abts-ap-dynamic-202.127.230.223.airtelbroadband.in  (223.230.127.202:26089)

TCP:
Connects to a88-157-136-54.static.cpe.netcabo.pt  (88.157.136.54:1648)

TCP:
Connects to 46-198-51-95.adsl.cyta.gr  (46.198.51.95:23179)

TCP:
Connects to 240.subnet125-162-195.speedy.telkom.net.id  (125.162.195.240:50841)

TCP:
Connects to 173-245-203-133.ipvanish.com  (173.245.203.133:56768)

TCP:
Connects to 15.8.150.122.sta.dodo.net.au  (122.150.8.15:40802)

TCP:
Connects to 144.234.114.89.rev.vodafone.pt  (89.114.234.144:51528)

TCP:
Connects to 14-201-13-160.static.tpgi.com.au  (14.201.13.160:24002)

Remove Free Torrent Opener.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.