PennyBeeW.exe

PennyBee

The application PennyBeeW.exe has been detected as a potentially unwanted program by 20 anti-malware scanners. This file is typically installed with the program OfferBLVD by Resoft Ltd. which is a potentially unwanted software program. While running, it connects to the Internet address static.vnpt.vn on port 80 using the HTTP protocol.
Product:
PennyBee

Version:
20.0.0.0

MD5:
02418c3533493e0ac6df342d64186d4d

SHA-1:
bf94d0416fd5715274c9450091572409ed613c13

SHA-256:
bcd4ba99882a42125c04b5d394fb498ef8463136fde4b044e562640f8ec4f173

Scanner detections:
20 / 68

Status:
Potentially unwanted

Analysis date:
11/29/2021 7:58:23 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.Generic.1261668
590

Agnitum Outpost
PUA.DealPly
7.1.1

Arcabit
Adware.Generic.D134064
1.0.0.425

Baidu Antivirus
Adware.MSIL.Linkury
4.0.3.15625

Bitdefender
Adware.Generic.1261668
1.0.20.880

Emsisoft Anti-Malware
Adware.Generic.1261668
11.5.0.6191

ESET NOD32
MSIL/Toolbar.Linkury.H potentially unwanted application
8.0.319.0

Fortinet FortiGate
Adware/DealPly
6/25/2015

F-Secure
Adware.Generic.1261668
11.2015-25-06_5

G Data
Adware.Generic.1261668
15.6.25

K7 AntiVirus
Adware
13.205.16251

Kaspersky
not-a-virus:HEUR:AdWare.MSIL.DealPly
14.0.0.1833

MicroWorld eScan
Adware.Generic.1261668
16.0.0.528

Norman
Adware.Generic.1261668
28.05.2016 15:32:18

Panda Antivirus
Trj/CI.A
15.06.25.08

Qihoo 360 Security
HEUR/QVM03.0.Malware.Gen
1.0.0.1015

Reason Heuristics
PUP.Downloader.ICDP (M)
16.6.2.22

Sophos
Generic PUA LP
4.98

Trend Micro House Call
TROJ_GEN.R01TC0OFG15
7.2.176

Trend Micro
TROJ_GEN.R01TC0OFG15
10.465.25

File size:
302 KB (309,248 bytes)

Product version:
20.0.0.0

Copyright:
Copyright © 2014

Original file name:
PennyBeeW.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\pennybee\pennybeew.exe

File PE Metadata
Compilation timestamp:
5/25/2015 7:37:08 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:KRwCQNf2KAKjrbFtrh3Wh2wOheauYE3CecK3Wc:KRwRp2Wrbch2wee6EV

Entry address:
0x4C8A6

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
6.3154

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
298.5 KB (305,664 bytes)

The file PennyBeeW.exe has been discovered within the following programs.

OfferBLVD  by Resoft Ltd.
OfferBLVD (SnapDo) is an Smartbar adware applicatication (such as Linkury by Resoft, same distributor) that is an adware (advertising supported) application that is designed for the purpose of displaying unwanted ads, software for PUP (potentially unwanted programs) and other offers.
www.offerblvd.com
79% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to blob.am5prdstr07a.store.core.windows.net  (13.95.96.184:80)

TCP (HTTP):
Connects to static.vnpt.vn  (113.171.244.94:80)

TCP (HTTP):
Connects to 125.235.31.94.adsl.viettel.vn  (125.235.31.94:80)

TCP (HTTP):
Connects to www.duplasena.com.br  (200.201.166.106:80)

TCP (HTTP):
Connects to s3-1.amazonaws.com  (52.216.0.131:80)

TCP (HTTP):
Connects to ec2-54-94-143-133.sa-east-1.compute.amazonaws.com  (54.94.143.133:80)

Remove PennyBeeW.exe - Powered by Reason Core Security