» spacesoundpro.exe
Overview
Analysis
File Details
Behaviors (1)
Network (2)

spacesoundpro.exe

Space Sound Pro

The application spacesoundpro.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘SpaceSoundPro’. While running, it connects to the Internet address euve246913.serverprofi24.com on port 80 using the HTTP protocol.

File name:

spacesoundpro.exe

Publisher:

Space Sound Pro

Product:

Space Sound Pro

Version:

1.2.0.5

MD5:

3bfe76a9b4b9c341eabb5efabf0b35aa

SHA-1:

000a222b8bb791b59978c8373428d5b1f58ec1a0

SHA-256:

73c8aa86425217190118bcd476f44fd024aad019752217125c9fed5c244ca3a3

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

4/24/2024 8:03:48 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.SpaceSoundPro.Meta (M)

15.12.24.11

File size:

4 MB (4,203,520 bytes)

Product version:

1.3.2.0

Original file name:

Space Sound Pro.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\spacesoundpro\spacesoundpro.exe

File PE Metadata

Compilation timestamp:

8/3/2015 4:34:09 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

98304:EVA8ag8qMqxeE4Q2NnOqDaQItbnS44pXj7K:HkMbL/cnS44pXj

Entry address:

0x111895

Entry point:

E8, CE, 9D, 00, 00, E9, 89, FE, FF, FF, 3B, 0D, 70, F7, 58, 00, 75, 02, F3, C3, E9, 55, 9E, 00, 00, 8B, FF, 55, 8B, EC, 8B, 45, 14, 56, 85, C0, 74, 41, 83, 7D, 08, 00, 75, 13, E8, 34, 55, 00, 00, 6A, 16, 5E, 89, 30, E8, C3, A0, 00, 00, 8B, C6, EB, 2A, 83, 7D, 10, 00, 74, E7, 39, 45, 0C, 73, 0E, E8, 16, 55, 00, 00, 6A, 22, 59, 89, 08, 8B, F1, EB, DE, 50, FF, 75, 10, FF, 75, 08, E8, 87, 01, 00, 00, 83, C4, 0C, 33, C0, 5E, 5D, C3, 8B, 41, 04, 85, C0, 75, 05, B8, CC, 6C, 56, 00, C3, 8B, FF, 55, 8B, EC, 83, 7D... 
[+]

Code size:

1.3 MB (1,310,720 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

SpaceSoundPro

Command:

"C:\Program Files\spacesoundpro\spacesoundpro.exe"

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):

Connects to ip-184-168-221-43.ip.secureserver.net (184.168.221.43:443)

TCP (HTTP):

Connects to euve246913.serverprofi24.com (62.75.142.165:80)

Remove spacesoundpro.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.