» PennyBeeW.exe
Overview
Analysis
File Details
Programs (1)
Network (25)

PennyBeeW.exe

PennyBee

The application PennyBeeW.exe has been detected as a potentially unwanted program by 20 anti-malware scanners. This file is typically installed with the program OfferBLVD by Resoft Ltd. which is a potentially unwanted software program. While running, it connects to the Internet address static.vnpt.vn on port 80 using the HTTP protocol.

File name:

PennyBeeW.exe

Product:

PennyBee

Version:

20.0.0.0

MD5:

02418c3533493e0ac6df342d64186d4d

SHA-1:

bf94d0416fd5715274c9450091572409ed613c13

SHA-256:

bcd4ba99882a42125c04b5d394fb498ef8463136fde4b044e562640f8ec4f173

Scanner detections:

20 / 68

Status:

Potentially unwanted

Analysis date:

4/26/2024 6:23:33 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Adware.Generic.1261668

590

Agnitum Outpost

PUA.DealPly

7.1.1

Arcabit

Adware.Generic.D134064

1.0.0.425

Baidu Antivirus

Adware.MSIL.Linkury

4.0.3.15625

Bitdefender

Adware.Generic.1261668

1.0.20.880

Emsisoft Anti-Malware

Adware.Generic.1261668

11.5.0.6191

ESET NOD32

MSIL/Toolbar.Linkury.H potentially unwanted application

8.0.319.0

Fortinet FortiGate

Adware/DealPly

6/25/2015

F-Secure

Adware.Generic.1261668

11.2015-25-06_5

G Data

Adware.Generic.1261668

15.6.25

K7 AntiVirus

Adware

13.205.16251

Kaspersky

not-a-virus:HEUR:AdWare.MSIL.DealPly

14.0.0.1833

MicroWorld eScan

Adware.Generic.1261668

16.0.0.528

Norman

Adware.Generic.1261668

28.05.2016 15:32:18

Panda Antivirus

Trj/CI.A

15.06.25.08

Qihoo 360 Security

HEUR/QVM03.0.Malware.Gen

1.0.0.1015

Reason Heuristics

PUP.Downloader.ICDP (M)

16.6.2.22

Sophos

Generic PUA LP

4.98

Trend Micro House Call

TROJ_GEN.R01TC0OFG15

7.2.176

Trend Micro

TROJ_GEN.R01TC0OFG15

10.465.25

File size:

302 KB (309,248 bytes)

Product version:

20.0.0.0

Original file name:

PennyBeeW.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\Program Files\pennybee\pennybeew.exe

File PE Metadata

Compilation timestamp:

5/25/2015 7:37:08 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

6144:KRwCQNf2KAKjrbFtrh3Wh2wOheauYE3CecK3Wc:KRwRp2Wrbch2wee6EV

Entry address:

0x4C8A6

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

6.3154

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

298.5 KB (305,664 bytes)

The file PennyBeeW.exe has been discovered within the following programs.

OfferBLVD by Resoft Ltd.

OfferBLVD (SnapDo) is an Smartbar adware applicatication (such as Linkury by Resoft, same distributor) that is an adware (advertising supported) application that is designed for the purpose of displaying unwanted ads, software for PUP (potentially unwanted programs) and other offers.

www.offerblvd.com

79% remove it

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to blob.am5prdstr07a.store.core.windows.net (13.95.96.184:80)

TCP (HTTP):

Connects to static.vnpt.vn (113.171.244.94:80)

TCP (HTTP):

Connects to 125.235.31.94.adsl.viettel.vn (125.235.31.94:80)

TCP (HTTP):

Connects to www.duplasena.com.br (200.201.166.106:80)

TCP (HTTP):

Connects to s3-1.amazonaws.com (52.216.0.131:80)

TCP (HTTP):

Connects to ec2-54-94-143-133.sa-east-1.compute.amazonaws.com (54.94.143.133:80)

Remove PennyBeeW.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.