ssn.exe

ssn

The application ssn.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program save serp now by SSN Advert Corporation IBC, which is a potentially unwanted software program. While running, it connects to the Internet address 216.172.56.42.serverel.net on port 80 using the HTTP protocol.
Product:
ssn

Version:
1.0.0.0

MD5:
c9838da490f411160054ad4747b1b07c

SHA-1:
a1e32595a69b74ffd4b3870def2535f4a1941766

SHA-256:
b98c2f3857c054f85b3d7fa8c56980beeb216159b4f91d6b36054c820fee1c0a

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
5/10/2024 3:16:28 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.SSN.Saveup (M)

Engine version:
16.12.13.11

File size:
45 KB (46,080 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2015

Original file name:
ssn.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\ssn\ssn.exe

File PE Metadata
Compilation timestamp:
12/6/2016 12:25:33 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

Entry address:
0xBBFE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
39.5 KB (40,448 bytes)

The file ssn.exe has been discovered within the following program.

save serp now  by SSN Advert Corporation IBC.
Publisher's description - “The program is designed to collect data relating to the issuance of the search engines. The collected data can be obtained in the form of a simple text file, as well as a SQL-dump format. For more information, you need to contact us for clarification by email.”
saveserpnow.com
About 66% of users remove it
 

The executing file has been seen to make the following network communications in live environments.
