pirritdesktop.exe

Zugara Investments Limited

The application pirritdesktop.exe by Zugara Investments Limited has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Zugara Investments Limited  (signed and verified)

MD5:
7e4fd9aab681a10a1510c5b2f5dd693a

SHA-1:
72a4bfc01e34d62f4f9cf93f87f89a0c9039f0a3

SHA-256:
848ea500281a5255da04cdcffcee05bb9170196a34bf7d1de381c861a18d8a91

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we consider this file unwanted.

Analysis date:
4/26/2024 7:40:48 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.ZugaraInvestmentsLimited.N

Engine version:
14.8.7.23

File size:
186.8 KB (191,320 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\pirritsuggestor\pirritdesktop.exe

Digital Signature
Authority:
DigiCert Inc

Valid from:
6/7/2013 2:00:00 AM

Valid to:
6/9/2014 2:00:00 PM

Subject:
CN=Zugara Investments Limited, O=Zugara Investments Limited, L=Larnaca, C=CY

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0E69C9D3F6F493CFDD35EE66D63A5D96

File PE Metadata
Compilation timestamp:
3/18/2014 1:25:27 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:euGFdJQGTQiF+P7bgXM8nU2kOoaL8M5cv:euGdl0iF+3gJnxkOoaLXcv

Entry address:
0x1A8C9

Entry point:
E8, A5, 04, 00, 00, E9, 63, FD, FF, FF, CC, FF, 25, 0C, F1, 41, 00, FF, 25, 00, F1, 41, 00, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, B8, A3, 42, 00, 89, 0D, B4, A3, 42, 00, 89, 15, B0, A3, 42, 00, 89, 1D, AC, A3, 42, 00, 89, 35, A8, A3, 42, 00, 89, 3D, A4, A3, 42, 00, 66, 8C, 15, D0, A3, 42, 00, 66, 8C, 0D, C4, A3, 42, 00, 66, 8C, 1D, A0, A3, 42, 00, 66, 8C, 05, 9C, A3, 42, 00, 66, 8C, 25, 98, A3, 42, 00, 66, 8C, 2D, 94, A3, 42, 00, 9C, 8F, 05, C8, A3, 42, 00, 8B, 45, 00, A3, BC, A3, 42, 00, 8B, 45...

Packer / compiler:
PEQuake V0.06

Code size:
118.5 KB (121,344 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-54-208-30-101.compute-1.amazonaws.com  (54.208.30.101:80)

TCP (HTTP):
Connects to v-2-dl28-d1466-51.webazilla.com  (78.140.130.51:80)

TCP (HTTP):
Connects to server-54-230-88-28.ind6.r.cloudfront.net  (54.230.88.28:80)

TCP (HTTP):
Connects to server13703.teamviewer.com  (217.170.203.38:80)

TCP (HTTP):
Connects to ord08s08-in-f31.1e100.net  (74.125.225.127:80)

TCP (HTTP):
Connects to md5.hackerwatch.org  (161.69.13.35:80)

TCP (HTTP):
Connects to live04.20min.ch  (83.140.105.35:80)

TCP (HTTP):
Connects to lb-in-f199.1e100.net  (173.194.71.199:80)

TCP (HTTP):
Connects to la-in-f199.1e100.net  (74.125.143.199:80)

TCP (HTTP):
Connects to fra07s28-in-f28.1e100.net  (173.194.112.60:80)

TCP (HTTP):
Connects to float.1843.bm-impbus.prod.fra1.adnexus.net  (37.252.170.136:80)

TCP (HTTP):
Connects to float.1615.bm-impbus.prod.ams1.adnexus.net  (37.252.162.105:80)

TCP (HTTP):
Connects to fa-in-f154.1e100.net  (173.194.70.154:80)

TCP (HTTP):
Connects to ec2-54-236-84-233.compute-1.amazonaws.com  (54.236.84.233:80)

TCP (HTTP):
Connects to ec2-54-236-185-220.compute-1.amazonaws.com  (54.236.185.220:80)

TCP (HTTP):
Connects to ec2-54-236-177-211.compute-1.amazonaws.com  (54.236.177.211:80)

TCP (HTTP):
Connects to ec2-54-235-180-153.compute-1.amazonaws.com  (54.235.180.153:80)

TCP (HTTP):
Connects to ec2-54-204-14-44.compute-1.amazonaws.com  (54.204.14.44:80)

TCP (HTTP):
Connects to ec2-50-17-215-95.compute-1.amazonaws.com  (50.17.215.95:80)

TCP (HTTP):
Connects to ec2-50-16-239-71.compute-1.amazonaws.com  (50.16.239.71:80)

Powered by Reason Core Security