home

1263.exe

Interalc Technology Group S.L.

The application 1263.exe by Interalc Technology Group S.L has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. The file has been seen being downloaded from www.filesoftware.net and multiple other hosts. While running, it connects to the Internet address n1plpkivs-v01.any.prod.ams1.secureserver.net on port 80 using the HTTP protocol.
Publisher:
Interalc Technology Group S.L.  (signed and verified)

Version:
1.0.0.0

MD5:
fbdfb0c433ef01d0d8fea9ace1a1edc0

SHA-1:
2a603ff8a07705b3cfff0e93f900689a5a022298

SHA-256:
b151b2e8a8e28675e0c7f17ea24957b43c705ff081ad2c47f3643a2da828319f

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/16/2024 10:56:51 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Adware.Toggle (M)
16.10.26.19

File size:
2.1 MB (2,244,552 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\1263.exe

Digital Signature
Signed by:
Interalc Technology Group S.L.

Authority:
GoDaddy.com, Inc.

Valid from:
7/14/2014 11:37:03 PM

Valid to:
7/9/2015 4:35:34 PM

Subject:
CN=Interalc Technology Group S.L., O=Interalc Technology Group S.L., L=Madrid, S=MADRID, C=ES

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2806E8AB82D19A

File PE Metadata
Compilation timestamp:
7/31/2014 12:08:54 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:0ESCMcNlC1FAN1j8Em4me6mURWHIRBlSiCAblOD67KkIh6koG3LPUTmgoKcHACAM:Ptvnm4o4IRnSid46eahagorHmTSuMzBb

Entry address:
0x1CE7FC

Entry point:
55, 8B, EC, 83, C4, F0, B8, C0, 51, 5C, 00, E8, EC, C5, E3, FF, A1, C8, 99, 5D, 00, 8B, 00, E8, 6C, 7F, F5, FF, 33, C9, B2, 01, A1, 14, 6A, 54, 00, E8, 2E, D5, F4, FF, 8B, 15, C4, 98, 5D, 00, 89, 02, A1, C4, 98, 5D, 00, 8B, 00, E8, 46, 34, F5, FF, A1, C4, 98, 5D, 00, 8B, 00, 8B, 10, FF, 92, A8, 00, 00, 00, A1, C8, 99, 5D, 00, 8B, 00, 33, D2, E8, 2D, 9C, F5, FF, A1, C8, 99, 5D, 00, 8B, 00, C6, 40, 5F, 00, 8B, 0D, E4, 93, 5D, 00, A1, C8, 99, 5D, 00, 8B, 00, 8B, 15, 28, 4A, 5C, 00, E8, 22, 7F, F5, FF, A1, C8...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
1.8 MB (1,889,280 bytes)

The file 1263.exe has been seen being distributed by the following 17 URLs.

https://www.filesoftware.net/.../2055

https://www.filesoftware.net/.../2056

https://www.filesoftware.net/.../2049

https://www.filesoftware.net/.../2058

https://www.filesoftware.net/.../2038

https://www.filesoftware.net/.../2053

https://www.filesoftware.net/.../2046

https://www.filesoftware.net/.../2051

https://www.filesoftware.net/.../2042

https://www.filesoftware.net/.../1458

https://www.filesoftware.net/.../1934

https://www.filesoftware.net/.../2040

https://www.filesoftware.net/.../2043

https://www.filesoftware.net/.../581

https://www.filesoftware.net/.../761

https://www.filesoftware.net/.../2041

https://www.filesoftware.net/.../2039

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to n1plpkivs-v01.any.prod.ams1.secureserver.net  (188.121.36.237:80)

TCP (HTTP SSL):
Connects to 11.ip-92-222-174.eu  (92.222.174.11:443)

Remove 1263.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.