msiql.exe

The application msiql.exe has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is configured to start automatically when a user logs into Windows, via the current-user Run registry key, under the display name ‘msiql’. While running, it connects to the Internet address w.interiowo.pl on port 80 using the HTTP protocol.
Version:
1.0.1.30

MD5:
af7fcb32c2bad6bffbf53308fecf2465

SHA-1:
a1a06fea8abc9875e3cb0f94e10d32dd3e981fc2

SHA-256:
1911c7f5ff999e8ea77c7e29b260f187cf2f4e4b5fda09494e8a0a019b51ab2c

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
5/2/2024 6:57:15 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.TopTools (M)

Engine version:
17.3.1.15

File size:
2.1 MB (2,170,368 bytes)

Product version:
1.0.1.30

Copyright:
Copyright (C) 2015

Original file name:
jkajskdfj

File type:
Executable application (Win32 EXE)

Language:
English

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\msiql.exe

File PE Metadata
Compilation timestamp:
2/8/1998 9:10:01 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x21ACE4

Entry point:
85, DA, 74, 09, F6, C4, D9, C7, C3, AF, AB, 5D, 3C, F2, 0F, B6, F2, C6, C3, B3, 8D, 2D, A3, EB, 87, 43, 69, FF, 85, 04, 7F, A9, 10, CB, 33, DF, 85, F8, BA, DE, A3, FB, FF, 0F, BE, EE, F7, C1, 18, FC, 4E, 64, 0F, BF, C3, 81, C2, D6, 3A, 05, 00, 0F, BE, DD, 0F, AF, F7, 23, F6, 8D, 3D, 65, 84, 62, 5E, 80, F3, 47, 80, EF, 16, 85, E9, 8D, 35, 32, 4F, DB, EB, 2B, C0, 4D, 85, D5, 0B, C2, 0F, B6, F0, 85, F1, 50, C6, C3, 32, C6, C7, 4D, 59, 0F, BE, DA, 22, DA, F7, C0, 47, A4, DA, E2, 88, EB, BD, E5, 5E, 29, 39, 81...

Entropy:
6.5197

Code size:
1.6 MB (1,626,112 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
msiql

Command:
C:\users\{user}\appdata\local\temp\{random}.tmp\msiql.exe \running

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to w.interiowo.pl  (217.74.66.161:80)

TCP (HTTP):
Connects to 89-19-29-112.cizgi.net.tr  (89.19.29.112:80)

TCP (HTTP):
Connects to dns1.ru-tld.ru  (37.187.83.72:80)

TCP (HTTP):
Connects to dns2.ru-tld.ru  (176.31.179.191:80)

Remove msiql.exe - Powered by Reason Core Security