messengertime.exe

SoftNinjas

The application messengertime.exe by SoftNinjas has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘MessengerTime’. While running, it connects to the Internet address dmppixel-shared-mtc-c.evip.aol.com on port 80 using the HTTP protocol.
Publisher:
SoftNinjas  (signed and verified)

MD5:
32b16a38b1674cc0ba2ec35efe2c99e5

SHA-1:
96492c6fc3986a14779be239b8ca364272e4a2e1

SHA-256:
38490959e2e108291d6cb91391a62819a879f76f423f718c38bcabf25888caa6

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
5/25/2018 3:50:47 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.WikiZ

Engine version:
17.1.1.17

File size:
45.6 MB (47,788,968 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\messengertime\messengertime.exe

Digital Signature
Signed by:

Authority:
SoftNinjas

Valid from:
8/10/2015 2:59:03 PM

Valid to:
8/7/2025 2:59:03 PM

Subject:
CN=MessengerTime, O=SoftNinjas, S=Some-State, C=US

Issuer:
CN=MessengerTime, O=SoftNinjas, S=Some-State, C=US

Serial number:
00F1F3BE66B4319891

File PE Metadata
Compilation timestamp:
2/20/2016 1:43:51 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x1C9A031

Entry point:
E8, 5A, 3A, 01, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 8B, 55, 0C, A1, 20, A8, EC, 02, F7, D2, 8B, 4D, 08, 23, D0, 23, 4D, 0C, 0B, D1, 89, 15, 20, A8, EC, 02, 5D, C3, E8, 09, 21, 00, 00, 85, C0, 74, 08, 6A, 16, E8, CC, 21, 00, 00, 59, F6, 05, 20, A8, EC, 02, 02, 74, 21, 6A, 17, E8, D9, 20, 60, 00, 85, C0, 74, 05, 6A, 07, 59, CD, 29, 6A, 01, 68, 15, 00, 00, 40, 6A, 03, E8, A9, F8, FF, FF, 83, C4, 0C, 6A, 03, E8, 16, FC, FF, FF, CC, 55, 8B, EC, 8D, 45, 18, 50, 6A, 00, FF, 75, 14, FF, 75, 10, FF, 75, 0C, FF, 75...
 

Code size:
34.9 MB (36,634,112 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
MessengerTime

Command:
C:\users\{user}\appdata\roaming\messengertime\messengertime.exe su


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to dmppixel-shared-mtc-c.evip.aol.com  (64.12.245.38:80)

TCP (HTTP):
Connects to unknown.telstraglobal.net  (210.176.156.25:80)

TCP (HTTP):
Connects to s-prd-umpxl-adcom-scd-blue-b.evip.aol.com  (149.174.66.131:80)

TCP (HTTP):
Connects to s-prd-umpxl-adcom-scd-a.evip.aol.com  (152.163.13.4:80)

TCP (HTTP):
Connects to a184-86-201-168.deploy.static.akamaitechnologies.com  (184.86.201.168:80)

TCP (HTTP):
Connects to a.tribalfusion.com  (204.11.109.68:80)

TCP (HTTP):

TCP (HTTP):
Connects to a184-31-33-103.deploy.static.akamaitechnologies.com  (184.31.33.103:80)
