» 00980003.exe
Overview
Analysis
File Details
Network (2)

00980003.exe

The executable 00980003.exe has been detected as malware by 1 anti-virus scanner. While running, it connects to the Internet address nepacrossroads.com on port 80 using the HTTP protocol.

File name:

00980003.exe

MD5:

94b73a992e9c3e3067b041b3bbb929ac

SHA-1:

096fcf20a0324fc8bf76d23f3429927166b51c88

SHA-256:

8cf5f8961d5ea2eb47f12839516546adddcd85c968f7dcab086aae1558e7cfc8

Scanner detections:

1 / 68

Status:

Malware

Analysis date:

4/26/2024 11:07:33 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

Threat.Win.Reputation.IMP

16.11.29.22

File size:

37.5 KB (38,400 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\temp\00980003.exe

File PE Metadata

Compilation timestamp:

6/20/1992 12:22:17 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

768:QVyAqcQ4gBdyj5O6Gn2F/AIssWSaUvsjgv0xMLb5+:7AqcQ40dmGnussWSaUvGLxMx

Entry address:

0x853C

Entry point:

55, 8B, EC, B9, 08, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 51, 53, B8, EC, 84, 40, 00, E8, 8D, BE, FF, FF, 33, C0, 55, 68, 16, 87, 40, 00, 64, FF, 30, 64, 89, 20, C6, 05, B0, D5, 5B, 06, 00, 8D, 55, E8, B8, 2C, 87, 40, 00, E8, 27, C2, FF, FF, 8B, 45, E8, 8D, 55, EC, E8, 20, C3, FF, FF, 8B, 55, EC, B8, E0, D5, 5B, 06, E8, 5B, B4, FF, FF, 8D, 55, E0, B8, 54, 87, 40, 00, E8, 02, C2, FF, FF, 8B, 45, E0, 8D, 55, E4, E8, FB, C2, FF, FF, 8B, 55, E4, B8, E4, D5, 5B, 06, E8, 36, B4, FF, FF, 8D, 55, D8, B8, 7C, 87... 
[+]

Entropy:

6.3550

Developed / compiled with:

Microsoft Visual C++

Code size:

30.5 KB (31,232 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to nepacrossroads.com (69.73.146.169:80)

TCP (HTTP):

Connects to n1nlhg78c1019.shr.prod.ams1.secureserver.net (188.121.55.128:80)

Remove 00980003.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.