PennyBeeW.exe

PennyBee

The application PennyBeeW.exe has been detected as a potentially unwanted program by 13 anti-malware scanners. While running, it connects to the Internet address 190.226.197.104.bc.googleusercontent.com on port 80 using the HTTP protocol.
Product:
PennyBee

Version:
1.0.5.0

MD5:
ab8cb2f1d783e45a0a96aa78eb2751a8

SHA-1:
c60fabc9d2be4583b01968c9e31a9fe933718ba1

SHA-256:
8a4aee9965ae465aebdbf767f23d77afbe33adcefe75928956cd88d06a32dd61

Scanner detections:
13 / 68

Status:
Potentially unwanted

Analysis date:
3/6/2021 1:21:10 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Kazy.468568
830

Avira AntiVirus
TR/Kazy.468568.1
7.11.180.228

avast!
Win32:Dropper-gen [Drp]
2014.9-141027

Baidu Antivirus
PUA.MSIL.Linkury
4.0.3.141027

Bitdefender
Gen:Variant.Kazy.468568
1.0.20.1500

Emsisoft Anti-Malware
Gen:Variant.Kazy.468568
8.14.10.27.05

ESET NOD32
MSIL/Toolbar.Linkury (variant)
8.10611

Fortinet FortiGate
Adware/Linkury
10/27/2014

F-Secure
Gen:Variant.Kazy.468568
11.2014-27-10_2

G Data
Gen:Variant.Kazy.468568
14.10.24

McAfee
Artemis!AB8CB2F1D783
5600.6964

MicroWorld eScan
Gen:Variant.Kazy.468568
15.0.0.900

Qihoo 360 Security
Win32/Trojan.554
1.0.0.1015

File size:
330.5 KB (338,432 bytes)

Product version:
1.0.5.0

Copyright:
Copyright © 2014

Original file name:
PennyBeeW.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\pennybee\pennybeew.exe

File PE Metadata
Compilation timestamp:
10/12/2014 12:14:59 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:JZdyLdoZIDW/05lVxl/IA/z7VkOBBhyL7EBG1Gda5WPk7:Fh/0Fxl/j/zFkJ1Gdu7

Entry address:
0x4C14E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
296.5 KB (303,616 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to blob.am5prdstr07a.store.core.windows.net  (13.95.96.184:80)

TCP (HTTP):
Connects to w4.educationalnetworks.net  (64.147.114.108:80)

TCP (HTTP):
Connects to ec2-23-21-218-182.compute-1.amazonaws.com  (23.21.218.182:80)

TCP (HTTP):
Connects to 64.147.114.103.static.nyinternet.net  (64.147.114.103:80)

TCP (HTTP):
Connects to 190.226.197.104.bc.googleusercontent.com  (104.197.226.190:80)

TCP (HTTP):
Connects to a-0001.a-msedge.net  (204.79.197.200:80)

TCP (HTTP):
Connects to wi-in-f94.1e100.net  (173.194.67.94:80)

TCP (HTTP):
Connects to sof01s11-in-f0.1e100.net  (216.58.208.96:80)

TCP (HTTP):
Connects to sof01s02-in-f13.1e100.net  (173.194.39.237:80)

TCP (HTTP):
Connects to server.media-traffic.net  (142.4.31.16:80)

TCP (HTTP):
Connects to r-s-3.n.aclst.com  (178.33.224.223:80)

TCP (HTTP):
Connects to public82283.xdsl.centertel.pl  (188.47.193.107:80)

TCP (HTTP):
Connects to ov5-oc-sax.ts-center.de  (176.31.224.150:80)

TCP (HTTP):
Connects to ns367846.ip-94-23-28.eu  (94.23.28.104:80)

TCP (HTTP):
Connects to ns3453438.ip-94-23-45.eu  (94.23.45.125:80)

TCP (HTTP):
Connects to ns302408.ip-94-23-195.eu  (94.23.195.193:80)

TCP (HTTP):
Connects to np-62629e7e.aclst.com  (178.33.122.54:80)

TCP (HTTP):
Connects to np-534e0018.aclst.com  (46.105.105.43:80)

TCP (HTTP):
Connects to no-rdns.free.clues.ro  (89.33.8.30:80)

TCP (HTTP):
Connects to mil01s17-in-f26.1e100.net  (173.194.35.58:80)

Remove PennyBeeW.exe - Powered by Reason Core Security