rightsnetworkmediaplugin_setupd_14_19_566a01cb.exe

AD ROCKS, INC.

The application rightsnetworkmediaplugin_setupd_14_19_566a01cb.exe by AD ROCKS, INC. has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is a setup program used to install the application. The file has been seen being downloaded from feed.rightsnetwork.net and multiple other hosts. While running, it connects to the Internet address static.110.88.251.148.clients.your-server.de on port 80 using the HTTP protocol.
Publisher:
AD ROCKS, INC. (signed and verified)

MD5:
2eebdabd6405818a7afb22c556b60df5

SHA-1:
dc0d1ca6c376bf397e6dd7d76fbc9386b996c6de

SHA-256:
4b9cda4d5e5b08a5dc61ccc1682c060d3a4e842da4646ac19e92ec136fdbf2fb

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
5/16/2024 5:01:49 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.ADROCKS.Installer (M)

Engine version:
16.6.13.20

File size:
1.2 MB (1,211,888 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\rightsnetworkmediaplugin_setupd_14_19_566a01cb.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
6/26/2015 9:00:00 AM

Valid to:
7/23/2017 8:59:59 AM

Subject:
CN="AD ROCKS, INC.", O="AD ROCKS, INC.", L=LAS VEGAS, S=Nevada, C=US

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
42F64A6F5D53B03D0D14A3CBFE1A5169

File PE Metadata
Compilation timestamp:
4/4/2016 5:18:59 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:G5lLj5YCAfI2psDzWiH5xXPA0TZbH5slIo:6l3+fI4sHWUPo0T1ulr

Entry address:
0x310F

Entry point:
81, EC, 84, 01, 00, 00, 53, 56, 57, 33, DB, 68, 01, 80, 00, 00, 89, 5C, 24, 18, C7, 44, 24, 10, 98, 91, 40, 00, 89, 5C, 24, 20, C6, 44, 24, 14, 20, FF, 15, A8, 70, 40, 00, FF, 15, A4, 70, 40, 00, 66, 3D, 06, 00, 74, 11, 53, E8, 7C, 2F, 00, 00, 3B, C3, 74, 07, 68, 00, 0C, 00, 00, FF, D0, BE, 98, 72, 40, 00, 56, E8, F8, 2E, 00, 00, 56, FF, 15, A0, 70, 40, 00, 8D, 74, 06, 01, 38, 1E, 75, EB, 55, 6A, 09, E8, 4F, 2F, 00, 00, 6A, 07, E8, 48, 2F, 00, 00, A3, 04, E4, 42, 00, FF, 15, 44, 70, 40, 00, 53, FF, 15, 88...

Entropy:
7.9911  (probably packed)

Code size:
24 KB (24,576 bytes)

The file rightsnetworkmediaplugin_setupd_14_19_566a01cb.exe has been seen being distributed by the following 9 URLs.


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to static.110.88.251.148.clients.your-server.de (148.251.88.110:80)