Odmenovac.exe

Odmenovac

TNS

The executable Odmenovac.exe has been detected as malware by 7 anti-virus scanners. While running, it connects to the Internet address vbl.videoboard.net on port 80 using the HTTP protocol.
Publisher:
TNS

Product:
Odmenovac

Description:
TNS Odmenovac

Version:
2.2.1.13

MD5:
5664c6f8a17dc85363bcd7f418bc16cd

SHA-1:
83c7419972b23e5252b7a5c0cd0cd5b30595c800

SHA-256:
a1df255a90320d925745fc703a17f6861771451c7dcf235754269bfca0856cc1

Scanner detections:
7 / 68

Status:
Malware

Analysis date:
4/29/2024 6:46:05 AM UTC

Scan engine             Detection                 Engine version
Lavasoft Ad-Aware       Trojan.Generic.12338800   702
Bitdefender             Trojan.Generic.12338800   1.0.20.315
Emsisoft Anti-Malware   Trojan.Generic.12338800   8.15.03.04.12
F-Secure                Trojan.Generic.12338800   11.2015-04-03_4
G Data                  Trojan.Generic.12338800   15.3.24
MicroWorld eScan        Trojan.Generic.12338800   16.0.0.189
nProtect                Trojan.Generic.12338800   15.01.19.01

File size:
1.1 MB (1,164,800 bytes)

Product version:
2.2.1.13

Copyright:
Copyright © 2013 TNS

Original file name:
Odmenovac.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\apps\2.0\74dnclzy.l47\d6nzm0qk.a0g\odmenovac_e50b86a32720a37b_0002.0002_none_972822d52799fea0\odmenovac.exe

File PE Metadata
Compilation timestamp:
11/15/2013 9:46:38 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:TL5iMbL9AL0Lv1UnhmgiOTJRBJR835JJRymqxXABLIgJR:TL5tCAghmgAmmcX1

Entry address:
0xDA67E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
2.8013

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
866 KB (886,784 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to vbl.videoboard.net  (90.183.122.32:80)

TCP (HTTP):
Connects to bvbl.videoboard.net  (90.183.122.36:80)

TCP (HTTP):
Connects to mail.vyskumy.sk  (195.168.217.84:80)

TCP (HTTP):
Connects to tag-direct.ams.contextweb.com  (74.214.194.86:80)

TCP (HTTP):
Connects to ec2-46-137-163-216.eu-west-1.compute.amazonaws.com  (46.137.163.216:80)

TCP (HTTP SSL):
Connects to cache.google.com  (213.81.154.183:443)

TCP (HTTP):
Connects to mail.czechtrade.net  (80.79.27.6:80)

TCP (HTTP):
Connects to uvirt8.active24.cz  (81.95.96.121:80)

TCP (HTTP):
Connects to www.audiopro.cz  (5.9.92.83:80)

TCP (HTTP):
Connects to web.slovanet.net  (195.28.64.101:80)

TCP (HTTP SSL):
Connects to ec2-174-129-255-167.compute-1.amazonaws.com  (174.129.255.167:443)

TCP (HTTP):
Connects to s3-1.amazonaws.com  (54.231.82.20:80)

TCP (HTTP):
Connects to lb-proxy-1.websupport.sk  (37.9.175.3:80)

TCP (HTTP):
Connects to f3.ff.a86c.ip4.static.sl-reverse.com  (108.168.255.243:80)

TCP (HTTP SSL):
Connects to edge-star-mini-shv-01-vie1.facebook.com  (31.13.84.36:443)

TCP (HTTP SSL):
Connects to ec2-54-246-120-193.eu-west-1.compute.amazonaws.com  (54.246.120.193:443)

TCP (HTTP):
Connects to ec2-54-210-5-2.compute-1.amazonaws.com  (54.210.5.2:80)

TCP (HTTP):
Connects to ec2-52-72-130-201.compute-1.amazonaws.com  (52.72.130.201:80)

TCP (HTTP):
Connects to a62-197-198-179.deploy.static.akamaitechnologies.com  (62.197.198.179:80)

Remove Odmenovac.exe - Powered by Reason Core Security