Although yesterday's EliPups already offered detection and possible uninstallation of this PUP, we have seen that it affects anti-malware utilities (for example, the SProces listing is cut short), so we are adding specific control for it starting with today's ElistarA 30.31, even though no AV on VirusTotal currently detects it:
SHA256: 4074369b1e39653ad0b0ff59edd601b68a806a082d992d60e38617c81e55a64c
Name: PennyBee.exe
Detections: 0 / 54
Analysis date: 2014-07-02 12:57:40 UTC
MD5 ebb2cb19fbd58922265bf504bdb34143
SHA1 7a75e02558327c24550df3cfc4344bb162853db5
File size 479.6 KB ( 491064 bytes )
The information obtained about it from other sources is:
File name: PennyBee.exe
Publisher: Penny Bee Agent (signed by Jambo Digital Ltd)
Product: Penny Bee
Version: 1.1.0.13
MD5: 3e01a07597677e78805a1947e0b52a8e
SHA-1: 3ed7ee1d09e076f44d9e2a6da2f6998728deae5c
SHA-256: 5fd311e80fdba709d80c11d8032ec7dd14de17245d2585c17257bd4f6c2e377e
Analysis
Scanner detections: 1 / 68
Status: Adware
Note: Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.
Analysis date: 6/24/2014 3:09:46 PM UTC (14 days ago)
Scan engine: Reason Heuristics
Detection: PUP.Task.JamboDigital.I
Engine version: 14.6.24.11
File Details
File size: 454.1 KB (464,952 bytes)
Product version: 1.1.0.13
Copyright: Copyright Penny Bee© 2014, All rights Reserved
Original file name: PennyBee.exe
File type: Executable application (Win32 EXE)
Language: English (United States)
Common path: C:\ProgramData\pennybee\pennybee.exe
Digital Signature
Signed by: Jambo Digital Ltd
Authority: COMODO CA Limited
Valid from: 5/28/2014 7:00:00 AM
Valid to: 5/28/2017 6:59:59 AM
Subject: CN=Jambo Digital Ltd, OU=Jambo Digital Ltd, O=Jambo Digital Ltd, STREET=2 Kaufman Yehezkel, STREET=tel aviv, L=tel aviv, S=TEL AVIV-JAFFA, PostalCode=6801294, C=IL
Issuer: CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB
Serial number: 00C458EED8E9EAA77E97499968CD5DD6B9
File PE Metadata
Compilation timestamp: 6/18/2014 7:30:37 PM
OS version: 5.1
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 10.0
CTPH (ssdeep): 12288:D5odcgNkNRUwrIpQ7jFZ9jkh21MWglBcxi++ElnIK:9odcxN2oIWZlkcBCcxi+9N
Entry address: 0x32F96
Entry point:E8, 2A, BF, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 10, A1, 10, 07, 46, 00, 33, C5, 89, 45, FC, 8B, 55, 18, 53, 33, DB, 56, 57, 3B, D3, 7E, 1F, 8B, 45, 14, 8B, CA, 49, 38, 18, 74, 08, 40, 3B, CB, 75, F6, 83, C9, FF, 8B, C2, 2B, C1, 48, 3B, C2, 7D, 01, 40, 89, 45, 18, 89, 5D, F8, 39, 5D, 24, 75, 0B, 8B, 45, 08, 8B, 00, 8B, 40, 04, 89, 45, 24, 8B, 35, 8C, B2, 44, 00, 33, C0, 39, 5D, 28, 53, 53, FF, 75, 18, 0F, 95, C0, FF, 75, 14, 8D, 04, C5, 01, 00, 00, 00, 50, FF, 75, 24, FF, D6, 8B, F8, 89...
Entropy: 6.4080
Code size: 296 KB (303,104 bytes)
Behaviors
Scheduled Task
Task name: pennybee Runner
Trigger: Logon (Runs on logon)
Action: pennybee.exe \task=4 \installon=0 \closebr=0 \active=24 \update
Programs
The file PennyBee.exe has been discovered within the following program.
Penny Bee by pennybee
About 1% of users remove it
Powered by Should I Remove It?
Network Communications
The executing file has been seen to make the following network communications in live environments.
TCP (HTTP): Connects to server-54-230-207-132.atl50.r.cloudfront.net (54.230.207.132:80)
TCP (HTTP): Connects to ec2-107-21-244-247.compute-1.amazonaws.com (107.21.244.247:80)
Related
1 / 68 (Adware) tmut21270.dll (7a75e02558327c24550df3cfc4344bb162853db5)
Source: http://www.herdprotect.com/pennybee.exe ... eae5c.aspx
Apparently the country where it is currently spreading most is Italy.
That ElistarA 30.31 version, which detects and removes it, will be available on our website from 15:00 CEST today.
Regards
ms, 8-7-2014