ummyvd-web-loader.exe

Magicbit, Inc

The application ummyvd-web-loader.exe by Magicbit, Inc has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The file has been seen being downloaded from videodownloader.ummy.net and multiple other hosts. While running, it connects to the Internet address europe-20.banahosting.com on port 80 using the HTTP protocol.
Publisher:
Magicbit, Inc  (signed and verified)

MD5:
278c96209446e058d3b5d4040f9d4e83

SHA-1:
4a5f0ac7787c2bd6bb04915f6e692aeb2fab5c5d

SHA-256:
d06f5d2b0fd2647179b22f8b553395eba0d50cb778b09c739b8b8bb32650dc60

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
5/22/2024 7:43:41 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Magicbit.Downloader.Meta (M)

Engine version:
16.3.31.18

File size:
401.4 KB (411,008 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\ummyvd-web-loader.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
4/21/2014 2:00:00 AM

Valid to:
4/21/2017 1:59:59 AM

Subject:
CN="Magicbit, Inc", O="Magicbit, Inc", STREET="901 N. Pitt Street, Suite 325", L=Alexandria, S=VA, PostalCode=22314, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00B5B2652535A2ACE1ACBFF9D5D7816AD4

File PE Metadata
Compilation timestamp:
7/27/2015 11:04:24 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
6144:/MagJMUuj+9VVTMCb1sIAiL9Wyehj5ugaBEkmtXZIzJMcUewGWlS:0JJMUuK9HTMbjZaBLmApwGQS

Entry address:
0x4CA64

Entry point:
55, 8B, EC, B9, 0A, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 53, 56, 57, B8, 00, 8A, 44, 00, E8, AC, D1, FB, FF, BF, 10, 40, 45, 00, 33, C0, 55, 68, DE, CD, 44, 00, 64, FF, 30, 64, 89, 20, E8, 0C, 9C, FF, FF, 33, D2, 55, 68, A2, CD, 44, 00, 64, FF, 32, 64, 89, 22, 6A, 00, 68, A4, 74, 44, 00, 6A, 00, 68, F0, CD, 44, 00, A1, 50, 1C, 45, 00, 50, E8, 99, DC, FB, FF, 89, 07, 83, 3F, 00, 0F, 84, C0, 02, 00, 00, B2, 01, B8, 10, CE, 44, 00, E8, 42, A7, FF, FF, 8B, 1F, 8D, 55, D0, B8, 01, 00, 00, 00, E8, AF, 98, FF...

Entropy:
6.5574

Developed / compiled with:
Microsoft Visual C++

Code size:
302.5 KB (309,760 bytes)

The file ummyvd-web-loader.exe has been seen being distributed by the following 50 URLs.

Latest 30 of 301 download URLs

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to europe-20.banahosting.com  (46.23.65.197:80)

TCP (HTTP SSL):
Connects to ip-41-74-24-98.orange.mg  (41.74.24.98:443)

TCP (HTTP SSL):
Connects to sa-in-f138.1e100.net  (74.125.200.138:443)

Remove ummyvd-web-loader.exe - Powered by Reason Core Security