ssn.exe

ssn

The application ssn.exe has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. This file is typically installed with the program save serp now by SSN Advert Corporation IBC, which is a potentially unwanted software program. While running, it connects to the Internet address 59.152.196.104.bc.googleusercontent.com on port 80 using the HTTP protocol.
Product:
ssn

Version:
1.0.0.0

MD5:
e9d0bb38c30e0305549519ea62cc5838

SHA-1:
efd41dfd5a702252dd535818a9dbc79d81c398ac

SHA-256:
3c265c82d7acdba95c7a6d512c8a31571a4a51018a0d7742b1e51d8164b1ccd0

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/12/2018 9:23:12 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.SSN.Saveup (M)

Engine version:
17.1.12.10

File size:
45 KB (46,080 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2015

Original file name:
ssn.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\ssn\ssn.exe

File PE Metadata
Compilation timestamp:
12/5/2016 12:42:54 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

Entry address:
0xBC2E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
5.6757

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
39.5 KB (40,448 bytes)

The file ssn.exe has been discovered within the following program.

save serp now by SSN Advert Corporation IBC.
Publisher's description - “The program is designed to collect data relating to the issuance of the search engines. The collected data can be obtained in the form of a simple text file, as well as a SQL-dump format. For more information, you need to contact us for clarification by email.”
saveserpnow.com
About 66% of users remove it
 

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to xx-fbcdn-shv-01-dft4.fbcdn.net  (157.240.3.24:443)

TCP (HTTP):
Connects to unknown.telstraglobal.net  (210.176.156.21:80)

TCP (HTTP):
Connects to server-54-192-150-69.sin2.r.cloudfront.net  (54.192.150.69:80)

TCP (HTTP):
Connects to px-acs001.quantserve.com.akadns.net  (203.190.124.16:80)

TCP (HTTP):
Connects to ec2-54-85-44-147.compute-1.amazonaws.com  (54.85.44.147:80)

TCP (HTTP):
Connects to ec2-52-30-111-171.eu-west-1.compute.amazonaws.com  (52.30.111.171:80)

TCP (HTTP):
Connects to ec2-50-19-210-53.compute-1.amazonaws.com  (50.19.210.53:80)

TCP (HTTP):
Connects to a23-50-253-200.deploy.static.akamaitechnologies.com  (23.50.253.200:80)

TCP (HTTP):
Connects to prod-hzeu-exebid-lba-5.dca-ops.tech  (213.239.222.23:80)

TCP (HTTP):
Connects to map2.hwcdn.net  (205.185.216.10:80)

TCP (HTTP):
Connects to ec2-184-73-176-13.compute-1.amazonaws.com  (184.73.176.13:80)

TCP (HTTP):
Connects to dmppixel-shared-mtc-c.evip.aol.com  (64.12.245.38:80)

TCP (HTTP):
Connects to 59.152.196.104.bc.googleusercontent.com  (104.196.152.59:80)

TCP (HTTP):
Connects to tag-direct.ams.contextweb.com  (74.214.194.86:80)

TCP (HTTP):
Connects to stc-185-28-139.videoplaza.net  (185.28.139.15:80)

TCP (HTTP):
Connects to rtas-22.btrll.com  (185.62.216.162:80)
