home

tby6oayf.exe

Orange Room Interactive

The file tby6oayf.exe by Orange Room Interactive has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Orange Room Interactive  (signed and verified)

MD5:
230beaf5abc8e8d6c10d2fb5e05a5ee1

SHA-1:
1ea9ab302b3b1b27a346dd8fd0473f3e55242750

SHA-256:
8752a9989b904c37ee222f06cdfab0db68aac0294311451ad4b2568e4cc2d61a

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
4/20/2024 1:34:36 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Adware.OrangeRoom (M)
17.2.26.19

File size:
113.8 KB (116,512 bytes)

Common path:
C:\users\{user}\appdata\local\temp\tby6oayf.exe.part

Digital Signature
Signed by:
Orange Room Interactive

Authority:
GoDaddy.com, Inc.

Valid from:
5/19/2016 5:51:38 PM

Valid to:
5/19/2017 5:51:38 PM

Subject:
CN=Orange Room Interactive, O=Orange Room Interactive, L=San Francisco, S=California, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
6807B9DA74814348

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-52-6-18-250.compute-1.amazonaws.com  (52.6.18.250:80)

TCP (HTTP):
Connects to post.securestudies.com  (165.193.78.234:80)

TCP (HTTP):
Connects to freeroms.com  (216.108.234.132:80)

TCP (HTTP):
Connects to a88-221-117-90.deploy.akamaitechnologies.com  (88.221.117.90:80)

TCP (HTTP):
Connects to a88-221-116-137.deploy.akamaitechnologies.com  (88.221.116.137:80)

TCP (HTTP SSL):
Connects to a104-106-239-110.deploy.static.akamaitechnologies.com  (104.106.239.110:443)

TCP (HTTP):
Connects to IP-115-107.MCS.napinfo.net  (119.110.115.107:80)

TCP (HTTP):
Connects to a23-14-84-177.deploy.static.akamaitechnologies.com  (23.14.84.177:80)

TCP (HTTP):
Connects to 61-91-166-40.static.asianet.co.th  (61.91.166.40:80)

Remove tby6oayf.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.