notifier64.exe

Notifications

Passion Fruit Tech

The application notifier64.exe by Passion Fruit Tech has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Passion Fruit Tech  (signed and verified)

Product:
Notifications

Description:
Notications

Version:
1.0.0.3

MD5:
6c82516f4b79703a4e460ac62f950bf4

SHA-1:
d8ce9a3f61653aa6ae670745302a51e9c152f3bf

SHA-256:
37ac3621a7253cb20db4012545c3c0b7f50959ee587a5926f039d936ab3c676e

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics we consider this file unwanted.

Analysis date:
11/23/2017 4:47:25 AM UTC

Scan engine          Detection                 Engine version
Reason Heuristics    PUP.PassionFruitTech.K    14.9.6.9

File size:
436.8 KB (447,312 bytes)

Product version:
1.0.0.3

Original file name:
notifier.exe

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\Program Files\v-bates\notifier64.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
7/20/2014 7:00:00 PM

Valid to:
7/21/2015 6:59:59 PM

Subject:
CN=Passion Fruit Tech, O=Passion Fruit Tech, STREET=Rakefet, L=Hod Hasharon, S=Israel, PostalCode=4520634, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
3505FC58261F9FA827A43371A3AAEC54

File PE Metadata
Compilation timestamp:
8/27/2014 5:32:14 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:2Z6G1KICd4gQL4SW4U6SuXcT3ib31ojOSJQfu99QBWPWVClTtdz9k:ZsLLJ34WM9cDc7m

Entry address:
0x25F8C

Entry point:
48, 83, EC, 28, E8, 9F, 7C, 00, 00, 48, 83, C4, 28, E9, 36, FE, FF, FF, CC, CC, 4C, 8B, DC, 49, 89, 53, 10, 4D, 89, 43, 18, 4D, 89, 4B, 20, 48, 83, EC, 38, 4C, 8B, C2, 49, 8D, 43, 18, 48, 8B, D1, 48, 8D, 0D, 28, 7F, 00, 00, 45, 33, C9, 49, 89, 43, E8, E8, 08, 00, 00, 00, 48, 83, C4, 38, C3, CC, CC, CC, 48, 8B, C4, 48, 89, 58, 08, 48, 89, 68, 10, 48, 89, 70, 18, 57, 48, 83, EC, 50, 48, 83, 60, C8, 00, 48, 8B, DA, 33, D2, 49, 8B, F8, 48, 8B, E9, 44, 8D, 42, 28, 48, 8D, 48, D0, 49, 8B, F1, E8, C4, FB, FF, FF...

Entropy:
6.0143

Code size:
243 KB (248,832 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to vip-112.lax.adconion.com  (207.171.14.112:80)

TCP (HTTP):
Connects to server-54-230-231-127.waw50.r.cloudfront.net  (54.230.231.127:80)

TCP (HTTP):
Connects to par08s10-in-f27.1e100.net  (74.125.230.251:80)

TCP (HTTP):
Connects to par08s10-in-f26.1e100.net  (74.125.230.250:80)

TCP (HTTP):
Connects to lhr14s23-in-f13.1e100.net  (74.125.230.77:80)

TCP (HTTP):
Connects to lhr08s05-in-f28.1e100.net  (74.125.230.156:80)

TCP (HTTP):
Connects to lhr08s05-in-f25.1e100.net  (74.125.230.153:80)

TCP (HTTP):
Connects to host-21.techconnect.nl  (62.133.211.21:80)

TCP (HTTP):
Connects to float.1688.bm-impbus.prod.fra1.adnexus.net  (37.252.170.86:80)

TCP (HTTP):
Connects to float.1291.bm-impbus.prod.fra1.adnexus.net  (37.252.170.40:80)

TCP (HTTP):
Connects to event.ri1.adxpose.com  (4.26.66.48:80)

TCP (HTTP):
Connects to ec2-54-84-143-69.compute-1.amazonaws.com  (54.84.143.69:80)

TCP (HTTP):
Connects to ec2-54-83-45-126.compute-1.amazonaws.com  (54.83.45.126:80)

TCP (HTTP):
Connects to ec2-54-83-29-92.compute-1.amazonaws.com  (54.83.29.92:80)

TCP (HTTP):
Connects to ec2-54-225-147-12.compute-1.amazonaws.com  (54.225.147.12:80)

TCP (HTTP):
Connects to ec2-54-210-151-64.compute-1.amazonaws.com  (54.210.151.64:80)

TCP (HTTP SSL):
Connects to ec2-54-148-77-185.us-west-2.compute.amazonaws.com  (54.148.77.185:443)

TCP (HTTP):
Connects to ec2-107-20-185-43.compute-1.amazonaws.com  (107.20.185.43:80)

TCP (HTTP):
Connects to bzq-25-69-170.static.bezeqint.net  (212.25.69.170:80)

Remove notifier64.exe - Powered by Reason Core Security