marini.exe

Marini

The application marini.exe is flagged as a potentially unwanted program (adware) by 2 of the 68 anti-malware scanners consulted. It persists through a Windows Task Scheduler task named 35952589 that is triggered at every user logon, so it starts again each time someone signs in. While running it makes HTTP connections on port 80 to a number of hosts, among them hosted-by.instantdedicated.com (the full set of observed connections is listed below).
Publisher:
Marini

Product:
Marini

Version:
6.6.5.107

MD5:
e1ae327904e31d48dbeccbd4de0d2178

SHA-1:
7bc9cdb56babee223992094c582eff26b26b511c

SHA-256:
7611ee65e6c5fa4ae2a87c30a28ee2b84e4fcf9753c3e3be43aca28dbbf0e7f5

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
2/9/2017 3:32:35 AM UTC

Scan engine         Detection                            Engine version
ESET NOD32          MSIL/Adware.Dotdo.AP application     6.3.12010.0
Reason Heuristics   Adware.Dotdo.ET (M)                  17.2.8.22

File size:
8.5 KB (8,704 bytes)

Product version:
6.6.5.107

Copyright:
Copyright © Marini 2017

Trademarks:
© 2017 Marini

Original file name:
marini.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\documented\marini.exe

File PE Metadata
Compilation timestamp:
2/1/2017 6:38:02 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

Entry address:
0x372E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

The first six bytes, FF 25 00 20 40 00, decode to jmp dword ptr [0x00402000]: the standard native entry stub of a 32-bit .NET executable, which jumps through the import address table into mscoree!_CorExeMain. The managed (IL) code runs from there, and the remainder of the entry-point region is zero padding, so the native entry point carries no program logic of its own.

Entropy:
4.3907

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
6 KB (6,144 bytes)
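The PE fields above (linker 11.0, GUI subsystem, entry address 0x372E, CLR-dependent, a FF 25 00 20 40 00 entry stub) can be verified from the file itself without a disassembler. The following is an added example written for this page, not code from the page's source or from the publisher: a minimal PE32 header parser that reports those fields, maps the entry RVA to a file offset, and checks whether the entry stub is the usual `jmp [IAT slot]` into the CLR. Because marini.exe is not reproduced here, `build_sample_pe()` constructs a small synthetic PE32 image with the same layout as the listing; the real file would be read with `parse_pe(open(path, "rb").read())`.

```python
"""Check a PE32 image for the .NET entry stub reported in the listing (added example)."""
import struct

IMAGE_DIRECTORY_ENTRY_IAT = 12
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR = 14   # CLR runtime header; non-zero => .NET image


def build_sample_pe():
    """Constructed minimal PE32 image mirroring the listing's layout: linker 11.0,
    Windows GUI subsystem, entry RVA 0x372E, CLR header present and a
    FF 25 00 20 40 00 stub at the entry point. This is test data, not marini.exe."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                         # e_lfanew -> PE header at 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)   # i386, 1 section, PE32 opt hdr
    opt = struct.pack("<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH" + "I" * 6,
                      0x10B, 11, 0,                                 # PE32 magic, linker 11.0
                      0x1800, 0x600, 0, 0x372E, 0x2000, 0x4000,     # code/data sizes, entry, bases
                      0x400000, 0x2000, 0x200,                      # image base, section/file align
                      4, 0, 0, 0, 4, 0,                             # OS 4.0, image 0.0, subsystem 4.0
                      0, 0x8000, 0x200, 0,                          # win32 ver, image size, hdr size, checksum
                      2, 0x8540,                                    # IMAGE_SUBSYSTEM_WINDOWS_GUI, DllCharacteristics
                      0x100000, 0x1000, 0x100000, 0x1000, 0, 16)    # stack/heap, loader flags, 16 dirs
    dirs = [(0, 0)] * 16
    dirs[1] = (0x36D8, 0x4B)                                        # import table (placeholder RVA)
    dirs[IMAGE_DIRECTORY_ENTRY_IAT] = (0x2000, 8)                   # one IAT slot (_CorExeMain)
    dirs[IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR] = (0x2008, 0x48)     # CLR header -> managed image
    opt += b"".join(struct.pack("<II", va, size) for va, size in dirs)
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x1734, 0x2000, 0x1800, 0x200,
                       0, 0, 0, 0, 0x60000020)                      # CODE|EXECUTE|READ
    headers = (bytes(dos) + b"PE\0\0" + coff + opt + sect).ljust(0x200, b"\0")
    text = bytearray(0x1800)
    text[0x172E:0x1734] = b"\xff\x25\x00\x20\x40\x00"               # jmp dword ptr [0x402000] at RVA 0x372E
    return headers + bytes(text)


def parse_pe(data):
    """Return the triage-relevant header fields of a PE32 image plus a decoded entry stub."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24                                             # optional header follows the COFF header
    magic, linker_major, linker_minor = struct.unpack_from("<HBB", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 (32-bit) images are handled here")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    image_base = struct.unpack_from("<I", data, opt + 28)[0]
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    ndirs = struct.unpack_from("<I", data, opt + 92)[0]

    def directory(idx):
        if idx >= ndirs:
            return (0, 0)
        return struct.unpack_from("<II", data, opt + 96 + idx * 8)

    sections = []
    for i in range(nsections):
        name, vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, opt + opt_size + i * 40)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), va, max(vsize, raw_size), raw_ptr))

    def rva_to_offset(rva):
        for _, va, size, raw_ptr in sections:
            if va <= rva < va + size:
                return raw_ptr + (rva - va)
        raise ValueError("RVA 0x%X is not inside any section" % rva)

    iat_rva, iat_size = directory(IMAGE_DIRECTORY_ENTRY_IAT)
    clr_rva, _ = directory(IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR)
    entry_off = rva_to_offset(entry_rva)
    stub = data[entry_off:entry_off + 6]
    jmp_target = None
    if stub[:2] == b"\xff\x25":                                     # FF 25 imm32 = jmp dword ptr [imm32]
        jmp_target = struct.unpack_from("<I", stub, 2)[0]
    via_iat = jmp_target is not None and iat_rva <= jmp_target - image_base < iat_rva + iat_size
    return {
        "linker": "%d.%d" % (linker_major, linker_minor),
        "subsystem": subsystem,                                     # 2 = Windows GUI, 3 = console
        "entry_rva": entry_rva,
        "is_dotnet": clr_rva != 0,
        "entry_bytes": " ".join("%02X" % b for b in stub),
        "jmp_target_va": jmp_target,
        "is_clr_entry_stub": clr_rva != 0 and via_iat,             # jmp through the IAT of a managed image
    }


if __name__ == "__main__":
    for key, value in parse_pe(build_sample_pe()).items():
        print("%-18s %s" % (key, hex(value) if isinstance(value, int) and key != "subsystem" else value))
```

If `is_clr_entry_stub` is true, the native entry point is boilerplate and the interesting code is the IL body, which is what a tool such as ILSpy or dnSpy should be pointed at; an entry stub that is not a `jmp` through the IAT on an image that claims a CLR header is itself worth a closer look.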

Scheduled Task
Task name:
35952589

Trigger:
Logon (Runs on logon)

Description:
3595258935952589
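A logon-triggered task with a bare numeric name and a description that merely repeats the name is the persistence pattern described above, and the Task Scheduler keeps every task's definition as an XML file under C:\Windows\System32\Tasks. The following is an added example written for this page, not code from the page's source or from the publisher: it parses such task XML, flags tasks matching that pattern, and hashes the executables they reference against the SHA-256 listed above. The two XML documents embedded in the block are constructed samples (one mirroring the listing, one benign), not exports from an infected machine; the threshold used for `suspicious` is a heuristic chosen here.

```python
"""Triage Task Scheduler XML for logon persistence of the kind listed above (added example)."""
import hashlib
import os
import re
import xml.etree.ElementTree as ET

TASK_NS = "{http://schemas.microsoft.com/windows/2004/02/mit/task}"
TASK_DIR = r"C:\Windows\System32\Tasks"       # the live task store (one XML file per task)

# Indicator from the listing above.
KNOWN_SHA256 = {"7611ee65e6c5fa4ae2a87c30a28ee2b84e4fcf9753c3e3be43aca28dbbf0e7f5"}

# Constructed sample mirroring the listed task (numeric name, echoed description, logon trigger).
SUSPECT_TASK_XML = r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><Description>3595258935952589</Description></RegistrationInfo>
  <Triggers><LogonTrigger><Enabled>true</Enabled></LogonTrigger></Triggers>
  <Actions Context="Author">
    <Exec><Command>C:\Program Files\documented\marini.exe</Command></Exec>
  </Actions>
</Task>"""

# Constructed benign sample: a scheduled updater with a descriptive name and a calendar trigger.
BENIGN_TASK_XML = r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><Description>Checks for product updates once a day.</Description></RegistrationInfo>
  <Triggers><CalendarTrigger><Enabled>true</Enabled></CalendarTrigger></Triggers>
  <Actions Context="Author">
    <Exec><Command>C:\Program Files\Vendor\Updater.exe</Command><Arguments>/check</Arguments></Exec>
  </Actions>
</Task>"""


def triage_task(name, xml_doc):
    """Parse one task definition (str or bytes) and return triggers, commands and findings."""
    root = ET.fromstring(xml_doc)
    trig_el = root.find(TASK_NS + "Triggers")
    triggers = [] if trig_el is None else [t.tag.replace(TASK_NS, "") for t in trig_el]
    desc_el = root.find(TASK_NS + "RegistrationInfo/" + TASK_NS + "Description")
    description = "" if desc_el is None else (desc_el.text or "")
    commands = [c.text or "" for c in root.iter(TASK_NS + "Command")]

    logon = "LogonTrigger" in triggers
    numeric_name = re.fullmatch(r"\d+", name) is not None
    echoed_desc = bool(description) and description == name * 2
    reasons = []
    if logon:
        reasons.append("runs at user logon")
    if numeric_name:
        reasons.append("task name is a bare number")
    if echoed_desc:
        reasons.append("description is the task name repeated")
    return {
        "triggers": triggers,
        "commands": commands,
        "reasons": reasons,
        # Heuristic: logon persistence plus a name or description nobody would type by hand.
        "suspicious": logon and (numeric_name or echoed_desc),
    }


def sha256_bytes(data):
    return hashlib.sha256(data).hexdigest()


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def check_commands(commands, known=KNOWN_SHA256):
    """Hash each referenced binary that exists on disk; map path -> True if it matches a known hash."""
    results = {}
    for cmd in commands:
        path = os.path.expandvars(cmd.strip().strip('"'))
        if os.path.isfile(path):
            results[path] = sha256_file(path) in known
    return results


def scan_task_dir(task_dir=TASK_DIR):
    """Walk the live task store and return the suspicious tasks, keyed by relative task path."""
    hits = {}
    for dirpath, _, files in os.walk(task_dir):
        for fn in files:
            path = os.path.join(dirpath, fn)
            try:
                with open(path, "rb") as f:            # task files are UTF-16 with BOM; feed bytes
                    result = triage_task(fn, f.read())
            except (OSError, ET.ParseError):
                continue
            if result["suspicious"]:
                result["hash_matches"] = check_commands(result["commands"])
                hits[os.path.relpath(path, task_dir)] = result
    return hits


if __name__ == "__main__":
    for task_name, xml_doc in (("35952589", SUSPECT_TASK_XML), ("VendorUpdateTask", BENIGN_TASK_XML)):
        print(task_name, triage_task(task_name, xml_doc))
    if os.path.isdir(TASK_DIR):
        print(scan_task_dir())
```

On a live Windows host, `scan_task_dir()` (run from an elevated prompt, since the task store is not readable by standard users) lists the tasks that match the pattern together with whether the referenced binaries hash to the listed sample; removing a match is then `schtasks /Delete /TN <name> /F` followed by deleting the file, rather than deleting the file alone, which would leave a dangling logon task behind.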


The executing file has been observed making the following network communications in live environments. Two caveats when reading the list: unallocated.barefruit.co.uk is the landing host of an ISP DNS-error (NXDOMAIN) redirection service, so that entry most likely records a lookup of a domain that did not resolve at analysis time rather than a server the program was built to contact; and most of the remaining entries are generic cloud, CDN and ad-delivery hostnames (Amazon EC2, CloudFront, Yahoo, Ustream, AdGear) rather than infrastructure attributable to the publisher, which is consistent with the adware classification above.

Protocol      Host                                                    Address
TCP (HTTP)    unallocated.barefruit.co.uk                             92.242.142.21:80
TCP (HTTP)    46.c8.c0ad.ip4.static.sl-reverse.com                    173.192.200.70:80
TCP (HTTP)    static.hosted-by.miamidedicated.com                     162.222.193.17:80
TCP (HTTP)    hosted-by.instantdedicated.com                          188.95.50.96:80
TCP (HTTP)    lb-web.ustream.tv                                       199.66.238.212:80
TCP (HTTP)    cdce.nym011.internap.com                                63.251.19.11:80
TCP (HTTP)    ec2-52-86-186-156.compute-1.amazonaws.com               52.86.186.156:80
TCP (HTTPS)   ec2-52-202-40-127.compute-1.amazonaws.com               52.202.40.127:443
TCP (HTTP)    pr-bh.pbp.vip.bf1.yahoo.com                             72.30.2.182:80
TCP (HTTP)    server-54-192-19-88.iad12.r.cloudfront.net              54.192.19.88:80
TCP (HTTP)    server-54-192-19-72.iad12.r.cloudfront.net              54.192.19.72:80
TCP (HTTP)    ec2-52-72-252-22.compute-1.amazonaws.com                52.72.252.22:80
TCP (HTTPS)   ec2-52-87-7-157.compute-1.amazonaws.com                 52.87.7.157:443
TCP (HTTP)    ec2-52-20-69-191.compute-1.amazonaws.com                52.20.69.191:80
TCP (HTTP)    ec2-52-205-51-172.compute-1.amazonaws.com               52.205.51.172:80
TCP (HTTP)    server-54-192-19-117.iad12.r.cloudfront.net             54.192.19.117:80
TCP (HTTPS)   server-52-85-142-150.iad12.r.cloudfront.net             52.85.142.150:443
TCP (HTTP)    lga-delivery-9.sys.adgear.com                           173.231.178.117:80
TCP (HTTP)    ec2-54-236-87-23.compute-1.amazonaws.com                54.236.87.23:80
TCP (HTTPS)   ec2-52-86-23-40.compute-1.amazonaws.com                 52.86.23.40:443

Remove marini.exe - Powered by Reason Core Security