1263.exe

Interalc Technology Group S.L.

The application 1263.exe by Interalc Technology Group S.L. has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. The file has been seen being downloaded from www.filesoftware.net and multiple other hosts. While running, it connects to the Internet address n1plpkivs-v01.any.prod.ams1.secureserver.net on port 80 using the HTTP protocol.
Publisher:
Interalc Technology Group S.L. (signed and verified)

Version:
1.0.0.0

MD5:
fbdfb0c433ef01d0d8fea9ace1a1edc0

SHA-1:
2a603ff8a07705b3cfff0e93f900689a5a022298

SHA-256:
b151b2e8a8e28675e0c7f17ea24957b43c705ff081ad2c47f3643a2da828319f

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/27/2024 12:44:30 PM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.Toggle (M)

Engine version:
16.10.26.19

File size:
2.1 MB (2,244,552 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\1263.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
7/14/2014 11:37:03 PM

Valid to:
7/9/2015 4:35:34 PM

Subject:
CN=Interalc Technology Group S.L., O=Interalc Technology Group S.L., L=Madrid, S=MADRID, C=ES

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2806E8AB82D19A

File PE Metadata
Compilation timestamp:
7/31/2014 12:08:54 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:0ESCMcNlC1FAN1j8Em4me6mURWHIRBlSiCAblOD67KkIh6koG3LPUTmgoKcHACAM:Ptvnm4o4IRnSid46eahagorHmTSuMzBb

Entry address:
0x1CE7FC

Entry point:
55, 8B, EC, 83, C4, F0, B8, C0, 51, 5C, 00, E8, EC, C5, E3, FF, A1, C8, 99, 5D, 00, 8B, 00, E8, 6C, 7F, F5, FF, 33, C9, B2, 01, A1, 14, 6A, 54, 00, E8, 2E, D5, F4, FF, 8B, 15, C4, 98, 5D, 00, 89, 02, A1, C4, 98, 5D, 00, 8B, 00, E8, 46, 34, F5, FF, A1, C4, 98, 5D, 00, 8B, 00, 8B, 10, FF, 92, A8, 00, 00, 00, A1, C8, 99, 5D, 00, 8B, 00, 33, D2, E8, 2D, 9C, F5, FF, A1, C8, 99, 5D, 00, 8B, 00, C6, 40, 5F, 00, 8B, 0D, E4, 93, 5D, 00, A1, C8, 99, 5D, 00, 8B, 00, 8B, 15, 28, 4A, 5C, 00, E8, 22, 7F, F5, FF, A1, C8...

Developed / compiled with:
Microsoft Visual C++

Code size:
1.8 MB (1,889,280 bytes)

The file 1263.exe has been seen being distributed by the following 17 URLs.

https://www.filesoftware.net/.../2055

https://www.filesoftware.net/.../2056

https://www.filesoftware.net/.../2049

https://www.filesoftware.net/.../2058

https://www.filesoftware.net/.../2038

https://www.filesoftware.net/.../2053

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to n1plpkivs-v01.any.prod.ams1.secureserver.net  (188.121.36.237:80)

TCP (HTTP SSL):
Connects to 11.ip-92-222-174.eu  (92.222.174.11:443)

Remove 1263.exe - Powered by Reason Core Security