111a80.tmp

The file 111a80.tmp has been detected as malware by 21 anti-virus scanners. While running, it connects to the Internet address 50-57-88-236.static.cloud-ips.com on port 25.
MD5:
ada6430f18e52bc7fa40618206c62a17

SHA-1:
fd63479596a2f05195bb1c8e649bdf73dcff3d60

SHA-256:
6e63fc0bc0aad4bf19774b57a53654cbec4a265f7a5a1b0f488a2e1f9f1d5c4c

Scanner detections:
21 / 68

Status:
Malware

Analysis date:
5/27/2024 9:25:09 PM UTC

Scan engine            | Detection                       | Engine version
AhnLab V3 Security     | Trojan/Win32.Jorik              | 2013.08.05
Avira AntiVirus        | TR/Dropper.Gen                  | 7.11.94.246
avast!                 | Win32:Downloader-TTM [Trj]      | 2014.9-160713
AVG                    | Crypt_s                         | 2017.0.2684
Bitdefender            | Gen:Variant.Kazy.178254         | 1.0.20.975
Dr.Web                 | BackDoor.Bulknet.958            | 9.0.1.0195
Emsisoft Anti-Malware  | Gen:Variant.Kazy.178254         | 8.16.07.13.09
ESET NOD32             | Win32/Kryptik.BEVU (variant)    | 10.8649
F-Secure               | Gen:Variant.Kazy.178254         | 11.2016-13-07_4
G Data                 | Gen:Variant.Kazy.178254         | 16.7.22
IKARUS anti.virus      | Trojan.Crypt_s                  | t3scan.2.0.3.0
Kaspersky              | HEUR:Trojan.Win32.Generic       | 14.0.0.-87
Malwarebytes           | Trojan.Inject                   | v2016.07.13.09
McAfee                 | RDN/Generic.grp!fi              | 5600.6340
MicroWorld eScan       | Gen:Variant.Kazy.178254         | 17.0.0.585
Panda Antivirus        | Trj/Genetic.gen                 | 16.07.13.09
SUPERAntiSpyware       | Trojan.Agent/Gen-Kazy           | 9024
Trend Micro House Call | BKDR_PUSHDO.SMP                 | 7.2.195
Trend Micro            | BKDR_PUSHDO.SMP                 | 10.465.13
Vba32 AntiVirus        | Trojan.MTA.0230                 | 3.12.22.3
VIPRE Antivirus        | Trojan.Win32.Cutwail.a          | 20156

File size:
39.5 KB (40,448 bytes)

Common path:
C:\users\{user}\appdata\local\temp\111a80.tmp

File PE Metadata
Compilation timestamp:
2/29/2004 5:44:01 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.12

CTPH (ssdeep):
768:4CSCNK6OeBO4TcdSx8/BM0ChUYzwVAxx05+U/IYrr8O:4CnOZ4QAx8/DC3wVu0wbYn8

Entry address:
0x1000

Entry point:
68, A5, 10, F0, 09, B8, 30, 12, F0, 09, 97, FF, D7, 68, 9A, 10, F0, 09, 50, E8, 6D, 01, 00, 00, A3, 10, 30, F0, 09, 6A, 00, E8, 0C, 02, 00, 00, A3, 3C, 30, F0, 09, 68, 00, 20, 00, 00, 6A, 00, 6A, 00, 6A, 00, 6A, 08, FF, 35, 3C, 30, F0, 09, 68, 8F, 10, F0, 09, E8, EA, 01, 00, 00, 68, AF, 10, F0, 09, 50, E8, E5, 01, 00, 00, FF, D0, A3, 30, 30, F0, 09, 8D, 3D, 18, 30, F0, 09, B9, 18, 00, 00, 00, 33, C0, FC, F3, AA, 8D, 05, 18, 30, F0, 09, 50, 6A, 18, FF, 35, 30, 30, F0, 09, FF, 15, 10, 30, F0, 09, 8D, 05, 2C...

Code size:
1024 Bytes (1,024 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www-vip15.dmz.fedex.com  (204.135.8.155:80)

TCP (SMTP):
Connects to 50-57-88-236.static.cloud-ips.com  (50.57.88.236:25)
