» messengertime.exe
Overview
Analysis
File Details
Behaviors (1)
Network (8)

messengertime.exe

SoftNinjas

The application messengertime.exe by SoftNinjas has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘MessengerTime’. While running, it connects to the Internet address dmppixel-shared-mtc-c.evip.aol.com on port 80 using the HTTP protocol.

File name:

messengertime.exe

Publisher:

SoftNinjas (signed and verified)

MD5:

32b16a38b1674cc0ba2ec35efe2c99e5

SHA-1:

96492c6fc3986a14779be239b8ca364272e4a2e1

SHA-256:

38490959e2e108291d6cb91391a62819a879f76f423f718c38bcabf25888caa6

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

4/19/2024 5:57:34 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.WikiZ

17.1.1.17

File size:

45.6 MB (47,788,968 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\roaming\messengertime\messengertime.exe

Digital Signature

Signed by:

SoftNinjas

Authority:

SoftNinjas

Valid from:

8/10/2015 2:59:03 PM

Valid to:

8/7/2025 2:59:03 PM

Subject:

CN=MessengerTime, O=SoftNinjas, S=Some-State, C=US

Issuer:

CN=MessengerTime, O=SoftNinjas, S=Some-State, C=US

Serial number:

00F1F3BE66B4319891

File PE Metadata

Compilation timestamp:

2/20/2016 1:43:51 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

12.0

Entry address:

0x1C9A031

Entry point:

E8, 5A, 3A, 01, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 8B, 55, 0C, A1, 20, A8, EC, 02, F7, D2, 8B, 4D, 08, 23, D0, 23, 4D, 0C, 0B, D1, 89, 15, 20, A8, EC, 02, 5D, C3, E8, 09, 21, 00, 00, 85, C0, 74, 08, 6A, 16, E8, CC, 21, 00, 00, 59, F6, 05, 20, A8, EC, 02, 02, 74, 21, 6A, 17, E8, D9, 20, 60, 00, 85, C0, 74, 05, 6A, 07, 59, CD, 29, 6A, 01, 68, 15, 00, 00, 40, 6A, 03, E8, A9, F8, FF, FF, 83, C4, 0C, 6A, 03, E8, 16, FC, FF, FF, CC, 55, 8B, EC, 8D, 45, 18, 50, 6A, 00, FF, 75, 14, FF, 75, 10, FF, 75, 0C, FF, 75... 
[+]

Code size:

34.9 MB (36,634,112 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

MessengerTime

Command:

C:\users\{user}\appdata\roaming\messengertime\messengertime.exe su

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to dmppixel-shared-mtc-c.evip.aol.com (64.12.245.38:80)

TCP (HTTP):

Connects to unknown.telstraglobal.net (210.176.156.25:80)

TCP (HTTP):

Connects to s-prd-umpxl-adcom-scd-blue-b.evip.aol.com (149.174.66.131:80)

TCP (HTTP):

Connects to s-prd-umpxl-adcom-scd-a.evip.aol.com (152.163.13.4:80)

TCP (HTTP):

Connects to a184-86-201-168.deploy.static.akamaitechnologies.com (184.86.201.168:80)

TCP (HTTP):

Connects to a.tribalfusion.com (204.11.109.68:80)

TCP (HTTP):

Connects to a23-42-108-49.deploy.static.akamaitechnologies.com (23.42.108.49:80)

TCP (HTTP):

Connects to a184-31-33-103.deploy.static.akamaitechnologies.com (184.31.33.103:80)

Remove messengertime.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.