ipdgqv54a5.exe

The executable ipdgqv54a5.exe has been detected as malware by 7 of the 68 anti-virus scanners that examined it. While running, it connects to the Internet address mailrelay.203.website.ws (64.70.19.203) on TCP port 15000.
MD5:
aac60aced5c476bfea5b4aba0869d91a

SHA-1:
0f720715f23eaa57674d4baf10f0adb7a3281b09

SHA-256:
b1d4da6c002e92af2ebca16a74f6e10e78324c3cb87b4cc75397147b942e2c45

Scanner detections:
7 / 68

Status:
Malware

Analysis date:
4/25/2024 11:16:38 PM UTC

Scan engine                     Detection                     Engine version
Dr.Web                          Trojan.DownLoader15.53621     9.0.1.05190
Emsisoft Anti-Malware           Gen:Variant.Barys.51485       11.5.0.6191
ESET NOD32                      MSIL/Injector.KYM trojan      8.0.319.0
F-Secure                        Variant.Barys.51485           5.15.96
McAfee                          Virus.Artemis!AAC60ACED5C4    18.0.204.0
Microsoft Security Essentials   Threat.Undefined              1.221.795.0
Norman                          Gen:Variant.Barys.51485       19.05.2016 05:17:13

Three of the seven hits (Emsisoft, F-Secure, Norman) report the same generic Gen:Variant.Barys.51485 signature, so they come from one engine family rather than three independent ones, and McAfee's Artemis! name is its cloud-reputation lookup keyed on the first twelve hex digits of the file's MD5 (AAC60ACED5C4, matching the MD5 above). The one family-specific name, ESET's MSIL/Injector, is consistent with the .NET (MSIL) build recorded in the PE metadata below.

File size:
218 KB (223,232 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\lolclient\local store\ipdgqv54a5.exe

File PE Metadata
Compilation timestamp:
7/23/2015 1:09:33 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
1536:adrNaGSQzNSwSj+/tpeyNqvER/BvZAtUdxMTcPppBZfFzpZRWpYxF09pB:aa7Qzz/eowER/tZAadxMCvBRhTR0GCH

Entry address (RVA):
0x1DF7E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

The first six bytes decode to jmp dword ptr [0x00402000]. Assuming the default image base of 0x400000, that reads the import address table slot at RVA 0x2000, which the loader fills with the address of mscoree!_CorExeMain. This one-instruction stub is the standard native entry point of a .NET executable and is consistent with the CLR dependency recorded above; the code that actually runs is the managed entry point named in the CLR header, not anything at this address.

Entropy:
6.2388

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
112 KB (114,688 bytes)
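A stdlib-only PE32 triage script, added here as an example and not part of this report or the scanner's own tooling: it walks the DOS, COFF and optional headers, maps the entry RVA to a file offset through the section table, and checks the two things that together mark a .NET image, the FF 25 (jmp dword ptr [imm32]) stub at the entry point and a non-empty CLR runtime header (data directory 14). Because the real binary is not available here, build_sample_pe() constructs a minimal image that mirrors the reported layout (entry RVA 0x1DF7E, linker 8.0, GUI subsystem, a 112 KB .text section); the ImageBase of 0x400000 and the CLR header RVA inside it are assumptions.

```python
"""PE32 entry-point triage with the standard library only (added example).

build_sample_pe() constructs a minimal image mirroring the reported layout;
it is not the real ipdgqv54a5.exe, and ImageBase 0x400000 is an assumption."""
import struct
import sys

SAMPLE_ENTRY_STUB = bytes.fromhex("ff2500204000")  # jmp dword ptr [0x00402000]
CLR_DIRECTORY_INDEX = 14  # IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR


def parse_pe(data: bytes) -> dict:
    """Read the header fields a triage needs from a PE32 image (PE32+ is rejected)."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("not a PE32 optional header")
    linker = struct.unpack_from("<BB", data, opt + 2)          # Major/MinorLinkerVersion
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]    # AddressOfEntryPoint
    image_base = struct.unpack_from("<I", data, opt + 28)[0]
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]    # 2 = Windows GUI
    num_dirs = struct.unpack_from("<I", data, opt + 92)[0]
    clr_rva = clr_size = 0
    if num_dirs > CLR_DIRECTORY_INDEX:
        clr_rva, clr_size = struct.unpack_from("<II", data, opt + 96 + CLR_DIRECTORY_INDEX * 8)
    sections = []
    for i in range(nsections):  # section table follows the optional header, 40 bytes each
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, opt + opt_size + i * 40)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), vaddr, vsize, rawptr, rawsize))
    return {"entry_rva": entry_rva, "image_base": image_base, "linker": linker,
            "subsystem": subsystem, "clr_rva": clr_rva, "clr_size": clr_size, "sections": sections}


def rva_to_offset(pe: dict, rva: int):
    """Map an RVA to a file offset through the section table; None if unmapped."""
    for _name, vaddr, vsize, rawptr, rawsize in pe["sections"]:
        if vaddr <= rva < vaddr + max(vsize, rawsize):
            return rawptr + (rva - vaddr)
    return None


def classify_entry(data: bytes) -> dict:
    """Decode the first instruction at the entry point and decide if the image is managed."""
    pe = parse_pe(data)
    off = rva_to_offset(pe, pe["entry_rva"])
    stub = data[off:off + 6] if off is not None else b""
    is_indirect_jmp = len(stub) == 6 and stub[:2] == b"\xff\x25"
    target_va = struct.unpack_from("<I", stub, 2)[0] if is_indirect_jmp else None
    return {
        "entry_rva": pe["entry_rva"],
        "stub": stub.hex(),
        "jmp_target_va": target_va,
        "jmp_target_rva": target_va - pe["image_base"] if target_va is not None else None,
        "has_clr_header": pe["clr_rva"] != 0,
        # A .NET image pairs the one-instruction stub with a CLR header; native code
        # with a real prologue at the entry point fails this test.
        "managed": is_indirect_jmp and pe["clr_rva"] != 0,
    }


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 image with the reported layout (not the real sample)."""
    entry_rva, text_rva, text_raw, text_size = 0x1DF7E, 0x2000, 0x200, 0x1C000
    opt = bytearray(224)
    struct.pack_into("<HBB", opt, 0, 0x10B, 8, 0)                      # PE32 magic, linker 8.0
    struct.pack_into("<I", opt, 16, entry_rva)                          # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)                           # ImageBase (assumed)
    struct.pack_into("<IIHH", opt, 32, 0x2000, 0x200, 4, 0)             # alignments, OS version 4.0
    struct.pack_into("<HH", opt, 48, 4, 0)                              # subsystem version 4.0
    struct.pack_into("<II", opt, 56, text_rva + text_size, text_raw)    # SizeOfImage, SizeOfHeaders
    struct.pack_into("<H", opt, 68, 2)                                  # IMAGE_SUBSYSTEM_WINDOWS_GUI
    struct.pack_into("<I", opt, 92, 16)                                 # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + CLR_DIRECTORY_INDEX * 8, 0x2008, 0x48)  # CLR header (assumed RVA)
    sec = bytearray(40)
    struct.pack_into("<8sIIII", sec, 0, b".text", text_size, text_rva, text_size, text_raw)
    struct.pack_into("<I", sec, 36, 0x60000020)                         # code | execute | read
    hdr = bytearray(0x40)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)                             # e_lfanew
    hdr += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, len(opt), 0x102) + opt + sec
    hdr += bytes(text_raw - len(hdr))                                   # pad headers to FileAlignment
    text = bytearray(text_size)
    text[entry_rva - text_rva:entry_rva - text_rva + 6] = SAMPLE_ENTRY_STUB
    return bytes(hdr + text)


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    print(classify_entry(blob))
```

Run it with a file path to triage a real PE32; without arguments it classifies the constructed image. PE32+ (64-bit) images are rejected on purpose, because the optional header fields sit at different offsets and the reported sample is Win32 anyway.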

While executing, the file has been observed making the following network connections in live environments.

TCP:
Connects to mailrelay.203.website.ws  (64.70.19.203:15000)

TCP (HTTP):
Connects to 45.63.18.98.vultr.com  (45.63.18.98:80)

TCP (HTTP):
Connects to 108.61.191.230.vultr.com  (108.61.191.230:80)

Remove ipdgqv54a5.exe - Powered by Reason Core Security