megacubo.exe

Megacubo

www.megacubo.net

The executable megacubo.exe has been detected as malware by 13 anti-virus scanners. It is a setup program used to install the application, and it is typically installed with the program Megacubo 11 by www.megacubo.net. According to the AV engines that detect it, it is a file infected by members of the Win32/Ramnit malware family and may drop and load other malware. While running, it connects to the Internet address svr8.ravehost.com.br on port 80 using the HTTP protocol.
Publisher:
www.megacubo.net

Product:
Megacubo

Version:
8.1

MD5:
549d0f7e589943ae2075004a342704e3

SHA-1:
1dd54d256a0284b032a5c3ca30bf3ec5f6757664

SHA-256:
d594761bfc67213193bdd42b84ed96e04e19d795a6d27a32834d921cf4dea87f

Scanner detections:
13 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
9/22/2018 3:02:01 AM UTC

Scan engine            Detection                      Engine version
AhnLab V3 Security     Win32/Ramnit.B                 2015.05.17
Antiy Labs AVL         Virus/Win32.Nimnul.a           1.0.0.1
AVG                    Win32/Ramnit.A                 2016.0.2977
Baidu Antivirus        Virus.Win32.Nimnul.$a          4.0.3.15924
Dr.Web                 Trojan.DownLoader11.13453      9.0.1.05190
Fortinet FortiGate     W32/Ramnit.C                   9/24/2015
G Data                 Win32.Ramnit                   15.9.25
IKARUS anti.virus      Virus.Win32.Ramnit             t3scan.1.8.9.0
Jiangmin               TrojanDownloader.Agent.eopb    KV150812
Kingsoft AntiVirus     Win32.Ramnit.la.30720          331020.49267
Panda Antivirus        W32/Cosmu.gen                  15.09.24.08
Rising Antivirus       PE:Win32.Ramnit.a!1590234      23.00.65.15922
Vba32 AntiVirus        Virus.Win32.Nimnul.a           3.12.26.4

File size:
4.5 MB (4,714,496 bytes)

Product version:
8.1

Trademarks:
PHP v5.2.5

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\megacubo\megacubo.exe

File PE Metadata
Compilation timestamp:
8/7/2008 11:28:58 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
49152:HTDc11LNlirPrSh0+jW19E8xNU/YKT9uscKu6GaXUT4IBAUZLYBQuPN9Ir:WqKXg9E43JBAUZLVuPNm

Entry address:
0x23515E

Entry point:
55, 8B, EC, 6A, FF, 68, C0, 01, 79, 00, 68, B6, 57, 63, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 20, 53, 56, 57, 89, 65, E8, 83, 65, FC, 00, 6A, 01, FF, 15, D0, 74, 63, 00, 59, 83, 0D, 14, 4B, 82, 00, FF, 83, 0D, 18, 4B, 82, 00, FF, FF, 15, CC, 74, 63, 00, 8B, 0D, 44, 2F, 7F, 00, 89, 08, FF, 15, C8, 74, 63, 00, 8B, 0D, 40, 2F, 7F, 00, 89, 08, A1, C4, 74, 63, 00, 8B, 00, A3, 1C, 4B, 82, 00, E8, E9, 05, 00, 00, 83, 3D, 40, B9, 7C, 00, 00, 75, 0C, 68, B2, 57, 63, 00, FF, 15, C0, 74...
 

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
2.2 MB (2,318,336 bytes)

The file megacubo.exe has been discovered within the following programs.

Megacubo 11  by www.megacubo.net
About 9% of users remove it

The file megacubo.exe has been seen being distributed by the following URL.

temp:megacubo.exe

The executing file has been seen to make the following network communications in live environments.

