sro_client.exe

The executable sro_client.exe has been detected as malware by 11 of the 68 anti-virus scanners queried, most of them classifying it as a generic downloader (Genome/Agent) or on reputation alone. While running, it connects to the Internet host ip115.ip-92-222-158.eu (92.222.158.115) on TCP port 35487, one of several remote hosts recorded in the network section below.
MD5:
58152438c3a0798348ed491e65fa67bb

SHA-1:
b0ad470a517f5bf6fd94ce290c93b2e113d910ed

SHA-256:
5a554428c32b45e775c136baba6d8d5df6040109dc679c3f2e4e4768300af08d

Scanner detections:
11 / 68

Status:
Malware

Analysis date:
5/17/2024 5:01:28 AM UTC

Scan engine          Detection                                    Engine version
Agnitum Outpost      Trojan.DL.Genome                             7.1.1
AhnLab V3 Security   Downloader/Win32.Genome                      14.05.14
Comodo Security      UnclassifiedMalware                          18205
McAfee               Artemis!58152438C3A0                         5600.7131
Norman               Suspicious_Gen2.PTUPO                        11.20140514
nProtect             Trojan/W32.Agent.11485184                    14.04.10.02
Quick Heal           TrojanDownloader.Genome.cpnh                 9.14.14.00
Reason Heuristics    Threat.Win.Reputation.IMP                    14.9.21.21
Rising Antivirus     PE:Trojan.Win32.Generic.129977ED!312047597   23.00.65.14512
VIPRE Antivirus      Trojan.Win32.Generic                         28194
Zillya! Antivirus    Downloader.Genome.Win32.33838                2.0.0.1775

File size:
11 MB (11,485,184 bytes)

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
7/28/2011 11:24:22 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
196608:5iSCtrNlJP/tH8wpbF3jaPNlqkUBY6FSLuEzB:5iSCtvZ/JpbF3jENlqkUBYBP

Entry address:
0x749B52

Entry point:
E8, 6C, AB, 01, 00, E9, 16, FE, FF, FF, 55, 8B, EC, 51, 51, D9, EE, 8B, 45, 08, DD, 5D, F8, 89, 45, F8, 8B, 45, 14, 33, 45, 0C, 25, FF, FF, FF, 7F, 33, 45, 14, 89, 45, FC, DD, 45, F8, C9, C3, 55, 8B, EC, 51, 51, D9, EE, 8B, 45, 08, DD, 5D, F8, 89, 45, F8, 8B, 45, 0C, 8B, C8, F7, D1, 33, C8, 81, E1, FF, FF, FF, 7F, F7, D0, 33, C8, 89, 4D, FC, DD, 45, F8, C9, C3, FF, 74, 24, 0C, DD, 44, 24, 08, 51, 51, DD, 1C, 24, E8, 98, AB, 01, 00, 83, C4, 0C, C3, 55, 8B, EC, 51, 56, 57, BE, FF, FF, 00, 00, 56, 68, 3F, 13...

Code size:
9.5 MB (9,957,376 bytes)
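The hashes and PE metadata above are what an analyst checks first when deciding whether a file on disk is this sample. The following script is an added example, not part of the report or of Reason Core Security's tooling: it hashes a file and reads the same header fields the report lists (compile timestamp, linker and OS version, subsystem, entry point, code size, first entry-point bytes) straight from the PE headers with the standard library only. The report does not say whether 0x749B52 is a virtual address or an RVA; the constructed sample file assumes it is the VA with the usual 0x400000 image base, and the sample is a header-only stub, so its hashes do not match the real file.

```python
"""Added example: hash a PE file and read the header fields a scanner report lists.
Standard library only; the sample PE below is constructed for the example."""
import hashlib
import struct
from datetime import datetime, timezone

SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}   # PE/COFF spec values
MACHINES = {0x14C: "Win32", 0x8664: "x64"}


def hash_file(data: bytes) -> dict:
    """The three digests a scanner report lists, as lowercase hex."""
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}


def matches_report(data: bytes, expected: dict) -> bool:
    """True if every hash given in `expected` (keys md5/sha1/sha256) matches the file."""
    actual = hash_file(data)
    return all(actual[k] == v.lower() for k, v in expected.items())


def rva_to_offset(sections: list, rva: int) -> int:
    """Map a relative virtual address to a file offset via the section table."""
    for _name, vaddr, vsize, rawptr, rawsize in sections:
        if vaddr <= rva < vaddr + max(vsize, rawsize):
            return rawptr + (rva - vaddr)
    raise ValueError(f"RVA {rva:#x} is not backed by any section")


def parse_pe(data: bytes) -> dict:
    """Extract the header fields shown in the report from a PE32 image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, nsect, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20                                   # optional header follows the 20-byte COFF header
    magic, lnk_major, lnk_minor, size_of_code = struct.unpack_from("<HBBI", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 (32-bit) handled here")
    entry_rva, = struct.unpack_from("<I", data, opt + 16)
    image_base, = struct.unpack_from("<I", data, opt + 28)
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem, = struct.unpack_from("<H", data, opt + 68)
    sections = []                                     # 40-byte section headers follow the optional header
    for i in range(nsect):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from(
            "<8sIIII", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode(), vaddr, vsize, rawptr, rawsize))
    entry_off = rva_to_offset(sections, entry_rva)
    return {
        "bitness": MACHINES.get(machine, hex(machine)),
        "compiled_utc": datetime.fromtimestamp(stamp, timezone.utc).isoformat(),
        "os_version": f"{os_major}.{os_minor}",
        "linker_version": f"{lnk_major}.{lnk_minor}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "size_of_code": size_of_code,
        "entry_rva": entry_rva,
        "entry_va": image_base + entry_rva,
        "entry_bytes": ", ".join(f"{b:02X}" for b in data[entry_off:entry_off + 10]),
    }


def build_sample_pe() -> bytes:
    """Constructed, inert PE32 carrying the report's header values and its first ten
    entry-point bytes. Header-only, so its hashes differ from the real sample."""
    entry_rva, text_rva, text_raw = 0x349B52, 0x349000, 0x400   # assumes ImageBase 0x400000
    stamp = int(datetime(2011, 7, 28, 11, 24, 22, tzinfo=timezone.utc).timestamp())
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                      # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, stamp, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<HBBI", opt, 0, 0x10B, 8, 0, 9_957_376)    # magic, linker 8.0, SizeOfCode
    struct.pack_into("<I", opt, 16, entry_rva)                   # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)                    # ImageBase (assumed)
    struct.pack_into("<HH", opt, 40, 4, 0)                       # OS version 4.0
    struct.pack_into("<H", opt, 68, 2)                           # Subsystem: Windows GUI
    text = struct.pack("<8sIIII", b".text", 0x1000, text_rva, 0x1000, text_raw) + bytes(16)
    img = bytearray(text_raw + 0x1000)
    img[:0x40] = dos
    hdr = b"PE\0\0" + coff + bytes(opt) + text
    img[0x40:0x40 + len(hdr)] = hdr
    off = text_raw + (entry_rva - text_rva)
    img[off:off + 10] = bytes.fromhex("E86CAB0100E916FEFFFF")    # call ...; jmp ... (from the report)
    return bytes(img)


if __name__ == "__main__":
    sample = build_sample_pe()
    for k, v in {**parse_pe(sample), **hash_file(sample)}.items():
        print(f"{k:>16}: {v}")
```

On a real file, replace `build_sample_pe()` with the bytes read from disk and pass the report's three hashes to `matches_report` before trusting any other field: the PE timestamp and linker version are attacker-controlled and only useful for pivoting, whereas the SHA-256 is the identity.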

The executing file has been seen to make the following network communications in live environments. The host names are reverse-DNS names for hosting-provider address space, so the IP address and port pairs are the indicators to key on; note that three of the six connections use the same destination port, 35487.

Protocol    Remote host                                   Address:port
TCP         customer.worldstream.nl                       109.236.87.181:35487
TCP (FTP)   WIN-C1LVMEFUN9U                               62.112.9.93:21
TCP         ns390469.ip-188-165-244.eu                    188.165.244.8:35487
TCP         ip115.ip-92-222-158.eu                        92.222.158.115:35487
TCP         static.218.73.4.46.clients.your-server.de     46.4.73.218:15884
TCP         spd.net.tr                                    178.20.227.137:14001
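The network observations above are only useful once they are turned into something a detection stack can consume. The script below is an added example, not part of the report: it parses the report's own "Connects to" lines into indicators, matches them against a constructed connection log, and emits Suricata rules for the destination IP:port pairs. Matching on the full pair is the conservative choice; the `ip_only` switch shows the trade-off, since shared hosting addresses such as these also serve unrelated traffic, and the addresses may have been reassigned since the scan.

```python
"""Added example: derive IOCs from the report's network section, match them against
a connection log, and generate Suricata rules. Log lines are constructed."""
import re
from dataclasses import dataclass

# The report's network section, used as the IOC source.
REPORT = """\
TCP:
Connects to customer.worldstream.nl  (109.236.87.181:35487)
TCP (FTP):
Connects to WIN-C1LVMEFUN9U  (62.112.9.93:21)
TCP:
Connects to ns390469.ip-188-165-244.eu  (188.165.244.8:35487)
TCP:
Connects to ip115.ip-92-222-158.eu  (92.222.158.115:35487)
TCP:
Connects to static.218.73.4.46.clients.your-server.de  (46.4.73.218:15884)
TCP:
Connects to spd.net.tr  (178.20.227.137:14001)
"""

# Constructed connection log in key=value form (as a firewall or proxy might export).
LOG = """\
2014-05-17T05:01:10Z src=10.1.2.34:49152 dst=198.51.100.7:443 proto=tcp
2014-05-17T05:01:28Z src=10.1.2.34:49153 dst=92.222.158.115:35487 proto=tcp
2014-05-17T05:01:29Z src=10.1.2.34:49154 dst=62.112.9.93:21 proto=tcp
2014-05-17T05:01:30Z src=10.1.2.34:49155 dst=92.222.158.115:80 proto=tcp
2014-05-17T05:01:31Z src=10.1.2.35:49156 dst=178.20.227.137:14001 proto=tcp
"""


@dataclass(frozen=True)
class Ioc:
    proto: str
    host: str
    ip: str
    port: int


IOC_RE = re.compile(r"Connects to (\S+)\s+\((\d{1,3}(?:\.\d{1,3}){3}):(\d+)\)")
LOG_RE = re.compile(r"(\S+) src=(\S+):(\d+) dst=(\S+):(\d+) proto=(\w+)")


def parse_report(text: str) -> list:
    """Turn 'TCP:' / 'Connects to host (ip:port)' pairs into Ioc records."""
    iocs, proto = [], "TCP"
    for line in text.splitlines():
        line = line.strip()
        if line.endswith(":"):                  # protocol label preceding each entry
            proto = line[:-1]
            continue
        m = IOC_RE.match(line)
        if m:
            iocs.append(Ioc(proto, m.group(1), m.group(2), int(m.group(3))))
    return iocs


def match_connections(log_text: str, iocs: list, ip_only: bool = False) -> list:
    """Return (timestamp, source, ioc) for each log line whose destination matches.
    ip_only=True also flags other ports on the same IP: wider coverage, more false
    positives on shared hosting addresses."""
    by_pair = {(i.ip, i.port): i for i in iocs}
    by_ip = {i.ip: i for i in iocs}
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ts, src, sport, dst, dport, _proto = m.groups()
        ioc = by_pair.get((dst, int(dport)))
        if ioc is None and ip_only:
            ioc = by_ip.get(dst)
        if ioc is not None:
            hits.append((ts, f"{src}:{sport}", ioc))
    return hits


def suricata_rules(iocs: list, sid_base: int = 1000001) -> list:
    """One outbound alert rule per IP:port pair; sid range is a local assumption."""
    return [
        f'alert tcp $HOME_NET any -> {i.ip} {i.port} '
        f'(msg:"sro_client.exe outbound to {i.host} ({i.ip}:{i.port})"; '
        f'flow:to_server; classtype:trojan-activity; sid:{sid_base + n}; rev:1;)'
        for n, i in enumerate(iocs)
    ]


if __name__ == "__main__":
    iocs = parse_report(REPORT)
    for ts, src, ioc in match_connections(LOG, iocs):
        print(f"{ts} {src} -> {ioc.ip}:{ioc.port} ({ioc.host}, {ioc.proto})")
    print("\n".join(suricata_rules(iocs)))
```

The generated rules use the `sid` range 1000001 and up, which is reserved for local rules; adjust it to whatever your ruleset already allocates.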

Powered by Reason Core Security