elementclient.exe

MD5:
10525c2676e6910d5ccd82192ffaef61

SHA-1:
6112a7a70df486cf1581cdcf95ee352024c1558b

SHA-256:
24205a49a0b4a27228bfa529b0f4687f17d5022424714626b74d6f57f3c97767

Scanner detections:
2 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
4/26/2024 12:27:27 AM UTC

Scan engine | Detection | Engine version
Sophos | Mal/Behav-001 | 4.98
VIPRE Antivirus | Trojan.Win32.Generic | 32766

File size:
9 MB (9,410,048 bytes)

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
12/18/2013 4:18:54 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
196608:YtnZc39oNh5x4UQyy3HDkA7uQ6FqxB6heXPJ:YtnZc3Ax4UQjHDkA7uQ6FWB6heXx

Entry address:
0x6765FC

Entry point:
E8, C2, 0B, 00, 00, E9, 37, FD, FF, FF, FF, 25, B4, C6, B7, 00, 3B, 0D, D8, 2E, CF, 00, 75, 02, F3, C3, E9, 3E, 0C, 00, 00, 8B, FF, 55, 8B, EC, F6, 45, 08, 02, 57, 8B, F9, 74, 25, 56, 68, 50, 74, A7, 00, 8D, 77, FC, FF, 36, 6A, 0C, 57, E8, D2, 00, 00, 00, F6, 45, 08, 01, 74, 07, 56, E8, D8, 8C, EC, FF, 59, 8B, C6, 5E, EB, 14, E8, FD, 0D, 00, 00, F6, 45, 08, 01, 74, 07, 57, E8, C1, 8C, EC, FF, 59, 8B, C7, 5F, 5D, C2, 04, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, 51, 8D, 4C, 24, 04, 2B, C8, 1B, C0, F7, D0, 23...
 
Code size:
7.5 MB (7,841,280 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP:
Connects to loft10676.serverprofi24.eu  (85.25.218.204:29000)

TCP:
Connects to ns384583.ip-46-105-123.eu  (46.105.123.229:29000)

Scan elementclient.exe - Powered by Reason Core Security