» 0224.exe
Overview
Analysis
File Details
Network (3)

0224.exe

TODO:

TODO: <Company name>

The application 0224.exe, “TODO: <File description>” has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address server1.pcinc.com on port 80 using the HTTP protocol.

File name:

0224.exe

Publisher:

TODO:

Product:

TODO: <Product name>

Description:

TODO: <File description>

Version:

1.0.0.1

MD5:

f322ba6369a0d35f104ec04d7ccba10d

SHA-1:

262e49fb60b47eb707dea45925bcc659565173dd

SHA-256:

9cc85617f023c9601868325f81dd3315579b2b48bd95f5fcbc2e26dd087ec827

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

4/30/2024 4:49:14 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

Adware.Dropper

17.2.27.23

File size:

1.3 MB (1,356,288 bytes)

Product version:

1.0.0.1

Original file name:

NewTempl.exe

File type:

Executable application (Win32 EXE)

Language:

Russian (Russia)

File PE Metadata

Compilation timestamp:

2/27/2017 7:51:17 AM

OS version:

6.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

14.0

Entry address:

0x125A05

Entry point:

E8, AD, 03, 00, 00, E9, 8E, FE, FF, FF, 55, 8B, EC, 6A, 00, FF, 15, 1C, 20, 54, 00, FF, 75, 08, FF, 15, 18, 20, 54, 00, 68, 09, 04, 00, C0, FF, 15, 20, 20, 54, 00, 50, FF, 15, 24, 20, 54, 00, 5D, C3, 55, 8B, EC, 81, EC, 24, 03, 00, 00, 6A, 17, E8, 75, 8E, 00, 00, 85, C0, 74, 05, 6A, 02, 59, CD, 29, A3, 80, 88, 54, 00, 89, 0D, 7C, 88, 54, 00, 89, 15, 78, 88, 54, 00, 89, 1D, 74, 88, 54, 00, 89, 35, 70, 88, 54, 00, 89, 3D, 6C, 88, 54, 00, 66, 8C, 15, 98, 88, 54, 00, 66, 8C, 0D, 8C, 88, 54, 00, 66, 8C, 1D, 68... 
[+]

Entropy:

3.3548

Code size:

1.3 MB (1,311,744 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to server1.pcinc.com (64.34.164.167:80)

TCP (HTTP):

Connects to ec2-54-88-21-193.compute-1.amazonaws.com (54.88.21.193:80)

TCP (HTTP):

Connects to 174.127.72.205.server.ready2hostu.info (174.127.72.205:80)

Remove 0224.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.