ping.exe

FileProperties_ProductName

FileProperties_CompanyName

The application ping.exe, “FileProperties_FileDescription”, has been detected as a potentially unwanted program by 10 anti-malware scanners. This web browser add-on displays additional advertisements in the user's browser, including popups, banners, contextual hyperlinks and affiliate links. While running, it connects to the Internet address geoplugin.net on port 80 using the HTTP protocol.
Publisher:
FileProperties_CompanyName

Product:
FileProperties_ProductName

Description:
FileProperties_FileDescription

Version:
1000.1000.1000.1000

MD5:
96261d590c12f5d47da973ae882c58f0

SHA-1:
0a451aba92b8c9be2b2a883ed2279ecee0e67ac0

SHA-256:
f83ebef4e2a628e20fb9161740f77cd0857193d62a885e6da27696e02912218c

Scanner detections:
10 / 68

Status:
Potentially unwanted

Explanation:
Browser extension that injects additional advertisements (banner and text links) on web pages.

Analysis date:
4/25/2024 9:28:28 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AVG | SmartShopper.G | 2014.0.3616 |
| Dr.Web | Adware.Plugin.88 | 9.0.1.0358 |
| Emsisoft Anti-Malware | Riskware.Win32.Toolbar.CrossRider.AMN | 8.14.01.02.11 |
| ESET NOD32 | Win32/Toolbar.CrossRider (variant) | 7.8872 |
| herdProtect (fuzzy) | | 2014.1.2.11 |
| McAfee | Artemis!96261D590C12 | 5600.7272 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 14.4.6.21 |
| Trend Micro House Call | TROJ_GEN.F47V0528 | 7.2.2 |
| VIPRE Antivirus | GamePlayLabs | 18226 |
| ViRobot | Trojan.Win32.A.Black.206336 | 2011.4.7.4223 |

File size:
201.5 KB (206,336 bytes)

Product version:
1000.1000.1000.1000

Copyright:
Copyright 2011

Original file name:
FileProperties_OriginalFilename.dll

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Documents and Settings\{user}\Local settings\temp\ping.exe

File PE Metadata
Compilation timestamp:
1/15/2013 3:01:55 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:q/2e1jiykkaE5dKvKJZltWRkWTpJitu8xQAei7MxNEndGM/7fq:ne9iykqZvlt4k8Jkn+Aei7MxvM2

Entry address:
0x15B31

Entry point:
E8, 95, 83, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 85, C0, 74, 12, 83, E8, 08, 81, 38, DD, DD, 00, 00, 75, 07, 50, E8, 22, E2, FF, FF, 59, 5D, C3, 8B, FF, 55, 8B, EC, 83, EC, 10, A1, 20, 26, 43, 00, 33, C5, 89, 45, FC, 8B, 55, 18, 53, 33, DB, 56, 57, 3B, D3, 7E, 1F, 8B, 45, 14, 8B, CA, 49, 38, 18, 74, 08, 40, 3B, CB, 75, F6, 83, C9, FF, 8B, C2, 2B, C1, 48, 3B, C2, 7D, 01, 40, 89, 45, 18, 89, 5D, F8, 39, 5D, 24, 75, 0B, 8B, 45, 08, 8B, 00, 8B, 40, 04, 89, 45, 24, 8B, 35, 6C, 90, 42, 00...
 

Entropy:
6.4291

Code size:
158 KB (161,792 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to geoplugin.net  (178.237.36.10:80)

TCP (HTTP):
Connects to tlb.hwcdn.net  (69.16.175.10:80)

TCP (HTTP):
Connects to s3-website-us-east-1.amazonaws.com  (176.32.102.68:80)
