PennyBeeW.exe

PennyBee

MY POP SHOP LTD

The application PennyBeeW.exe by MY POP SHOP has been detected as adware by 2 anti-malware scanners.
Publisher:
MY POP SHOP LTD  (signed and verified)

Product:
PennyBee

Version:
1.0.3.0

MD5:
8ebdd5e3abf20495cf28e55a9199f503

SHA-1:
b98d3bf84e8722ad1d6e67e4c891cf5f96ad315f

SHA-256:
f725cb1bc62384868aab358958bec6d59c90e80b8f31c62c575002e27af22319

Scanner detections:
2 / 68

Status:
Adware

Analysis date:
4/19/2024 1:09:12 PM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| ESET NOD32 | MSIL/Toolbar.Linkury (variant) | 8.10414 |
| Reason Heuristics | PUP.MYPOPSHOP.J | 14.9.14.15 |

File size:
400.5 KB (410,120 bytes)

Product version:
1.0.3.0

Copyright:
Copyright © 2014

Original file name:
PennyBeeW.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\pennybee\pennybeew.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/22/2014 2:00:00 AM

Valid to:
7/23/2015 1:59:59 AM

Subject:
CN=MY POP SHOP LTD, O=MY POP SHOP LTD, STREET=14 Shenkar Arie, L=HERZLIYA, S=NA, PostalCode=46725, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00B739C4F756EE55FB750952CE570BE48B

File PE Metadata
Compilation timestamp:
9/7/2014 4:44:15 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:uXRlRoB+QrS1e6dj7lgdBOkWr4zCoqxt2Ffwc3ZNaAdCpv/H3xs:uoB+QrS1bdj7lgF2SOSf73Gbphs

Entry address:
0x5BC1E


Code size:
359.5 KB (368,128 bytes)

The executing file has been seen to make the following network communications in live environments.

