sentry_mba.exe

The application sentry_mba.exe has been detected as a potentially unwanted program by 5 anti-malware scanners. The file has been seen being downloaded from mega.nz. While running, it connects to the Internet address checkip-iad.dyndns.com on port 80 using the HTTP protocol.
Description: Sentry MBA
Version: 1.4.1.9619
MD5: 4d1b874fdf4d3c6abc5aebf4959ae6e5
SHA-1: 503b58464c4180a1d9fa5e127f8e12b6bf07c39f
SHA-256: 273656004e557b0991885d4cff58507c590c3d6f5ed24e315add22453e6cf4ab
Scanner detections: 5 / 68
Status: Potentially unwanted
Analysis date: 10/23/2017 7:47:15 AM UTC

Scan engine: detection (engine version)
Avira AntiVirus: APPL/SentryMBA.A (7.11.137.112)
Antiy Labs AVL: RiskWare[PSWTool:not-a-virus]/Win32.NetPass (0.1.0.1)
K7 AntiVirus: Riskware (13.176.11451)
K7 Gateway Antivirus: Riskware (13.176.11451)
Sophos: Generic PUA FA (4.98)

File size: 5.3 MB (5,556,224 bytes)
Product version: 1.4.1
File type: Executable application (Win32 EXE)
Language: English (United States)

File PE Metadata
Compilation timestamp: 6/20/1992 1:22:17 AM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 2.25
CTPH (ssdeep): 98304:MD4ET113p6hnHcn84Ull604Qq9d/p/WwqkJ:MPzEhnHcn84Ull604Qq9d/peRk
Entry address: 0x342F90
Entropy: 6.9905
Developed / compiled with: Microsoft Visual C++
Code size: 3.3 MB (3,416,576 bytes)

The file sentry_mba.exe has been seen being distributed by the following URL.

https://mega.nz/temporary/.../csVHCY4Q

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP): Connects to checkip-iad.dyndns.com (216.146.38.70:80)
TCP (HTTP): Connects to s19050748.onlinehome-server.info (217.160.93.108:80)
TCP: Connects to p1239077-ipngn11401hodogaya.kanagawa.ocn.ne.jp (114.159.47.77:3128)
TCP (HTTP): Connects to mail.ambulanta.md (86.105.81.90:8080)
TCP (HTTP): Connects to Kol-103.251.83.49.PMPL-Broadband.net (103.251.83.49:8080)
TCP: Connects to ip-46-72-180-25.bb.netbynet.ru (46.72.180.25:8081)
TCP: Connects to ip-243-212-241-80.static.contabo.net (80.241.212.243:3128)
TCP (HTTP): Connects to ip-189-96-55-66.user.vivozap.com.br (189.96.55.66:8080)
TCP (HTTP): Connects to ip128.ip-178-32-213.eu (178.32.213.128:80)
TCP (HTTP): Connects to host-static-93-115-138-250.moldtelecom.md (93.115.138.250:8080)
TCP (HTTP): Connects to host-static-109-185-180-87.moldtelecom.md (109.185.180.87:8080)
TCP (HTTP): Connects to host-91-103-26-186.customers.adc.am (91.103.26.186:8080)
TCP (HTTP): Connects to ec2-46-51-192-210.eu-west-1.compute.amazonaws.com (46.51.192.210:80)
TCP: Connects to customer-201-219-184-82.megacable.com.ar (201.219.184.82:8090)
TCP: Connects to cross.sweetfood.info (213.136.67.140:3128)
TCP: Connects to bzq-80-63-94.static.bezeqint.net (82.80.63.94:8088)
TCP (HTTP): Connects to b3dfe30d.virtua.com.br (179.223.227.13:8080)
TCP: Connects to 69-2-50.smtp.dataisit.com (158.69.2.50:3128)
TCP (HTTP): Connects to 46x146x244x213.static-business.perm.ertelecom.ru (46.146.244.213:8080)

Remove sentry_mba.exe - Powered by Reason Core Security