ssn.exe

ssn

The application ssn.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address 216.172.56.42.serverel.net on port 80 using the HTTP protocol.

Product:
ssn

Version:
1.0.0.0

MD5:
c9838da490f411160054ad4747b1b07c

SHA-1:
a1e32595a69b74ffd4b3870def2535f4a1941766

SHA-256:
b98c2f3857c054f85b3d7fa8c56980beeb216159b4f91d6b36054c820fee1c0a

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/13/2016 4:10:01 PM UTC  (eleven months)

Scan engine:
Reason Heuristics

Detection:
PUP.SSN.Saveup (M)

Engine version:
16.12.13.11

File size:
45 KB (46,080 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2015

Original file name:
ssn.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\ssn\ssn.exe

File PE Metadata
Compilation timestamp:
12/6/2016 12:25:33 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

Entry address:
0xBBFE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
39.5 KB (40,448 bytes)

The executing file has been seen to make the following network communications in live environments.

