spacesoundpro.exe

Space Sound Pro

The application spacesoundpro.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘SpaceSoundPro’. While running, it connects to the Internet address euve246913.serverprofi24.com on port 80 using the HTTP protocol.
Publisher:
Space Sound Pro

Product:
Space Sound Pro

Version:
1.2.0.5

MD5:
3bfe76a9b4b9c341eabb5efabf0b35aa

SHA-1:
000a222b8bb791b59978c8373428d5b1f58ec1a0

SHA-256:
73c8aa86425217190118bcd476f44fd024aad019752217125c9fed5c244ca3a3

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
10/22/2017 9:35:27 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.SpaceSoundPro.Meta (M)
15.12.24.11

File size:
4 MB (4,203,520 bytes)

Product version:
1.3.2.0

Copyright:
SpaceSoundPro. All rights reserved.

Original file name:
Space Sound Pro.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\spacesoundpro\spacesoundpro.exe

File PE Metadata
Compilation timestamp:
8/3/2015 4:34:09 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
98304:EVA8ag8qMqxeE4Q2NnOqDaQItbnS44pXj7K:HkMbL/cnS44pXj

Entry address:
0x111895

Entry point:
E8, CE, 9D, 00, 00, E9, 89, FE, FF, FF, 3B, 0D, 70, F7, 58, 00, 75, 02, F3, C3, E9, 55, 9E, 00, 00, 8B, FF, 55, 8B, EC, 8B, 45, 14, 56, 85, C0, 74, 41, 83, 7D, 08, 00, 75, 13, E8, 34, 55, 00, 00, 6A, 16, 5E, 89, 30, E8, C3, A0, 00, 00, 8B, C6, EB, 2A, 83, 7D, 10, 00, 74, E7, 39, 45, 0C, 73, 0E, E8, 16, 55, 00, 00, 6A, 22, 59, 89, 08, 8B, F1, EB, DE, 50, FF, 75, 10, FF, 75, 08, E8, 87, 01, 00, 00, 83, C4, 0C, 33, C0, 5E, 5D, C3, 8B, 41, 04, 85, C0, 75, 05, B8, CC, 6C, 56, 00, C3, 8B, FF, 55, 8B, EC, 83, 7D...
 
[+]

Code size:
1.3 MB (1,310,720 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
SpaceSoundPro

Command:
"C:\Program Files\spacesoundpro\spacesoundpro.exe"


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to ip-184-168-221-43.ip.secureserver.net  (184.168.221.43:443)

TCP (HTTP):
Connects to euve246913.serverprofi24.com  (62.75.142.165:80)

Remove spacesoundpro.exe - Powered by Reason Core Security