1263_internet_explorer_.exe

Interalc Technology Group S.L.

The application 1263_internet_explorer_.exe by Interalc Technology Group S.L has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. The file has been seen being downloaded from www.getsw.me and multiple other hosts. While running, it connects to the Internet address n1plpkivs-v03.any.prod.ams1.secureserver.net on port 80 using the HTTP protocol.
Publisher:
Interalc Technology Group S.L.  (signed and verified)

Version:
1.0.0.0

MD5:
484ef7c9e4c8563097b7e2d32fb694e5

SHA-1:
3185435d0d04d55f4eefa5a4c9ad9555879d576d

SHA-256:
f65d2995e3d3b77cf72639ccd502ede330de608c45bb42b772b9ac775eae422e

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/27/2024 1:59:54 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Adware.Toggle (M)
16.10.26.19

File size:
2.1 MB (2,244,552 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\programs\1263_internet_explorer_.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
7/14/2014 11:37:03 PM

Valid to:
7/9/2015 4:35:34 PM

Subject:
CN=Interalc Technology Group S.L., O=Interalc Technology Group S.L., L=Madrid, S=MADRID, C=ES

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2806E8AB82D19A

File PE Metadata
Compilation timestamp:
7/31/2014 12:08:51 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:ztvnm4o4IRnSid46e2kOkQ4JHvTWVuMjhV:o4N2kVQ4sV

Entry address:
0x1CE7FC

Entry point:
55, 8B, EC, 83, C4, F0, B8, A8, 51, 5C, 00, E8, EC, C5, E3, FF, A1, C8, 99, 5D, 00, 8B, 00, E8, 6C, 7F, F5, FF, 33, C9, B2, 01, A1, 14, 6A, 54, 00, E8, 2E, D5, F4, FF, 8B, 15, C4, 98, 5D, 00, 89, 02, A1, C4, 98, 5D, 00, 8B, 00, E8, 46, 34, F5, FF, A1, C4, 98, 5D, 00, 8B, 00, 8B, 10, FF, 92, A8, 00, 00, 00, A1, C8, 99, 5D, 00, 8B, 00, 33, D2, E8, 2D, 9C, F5, FF, A1, C8, 99, 5D, 00, 8B, 00, C6, 40, 5F, 00, 8B, 0D, E4, 93, 5D, 00, A1, C8, 99, 5D, 00, 8B, 00, 8B, 15, 10, 4A, 5C, 00, E8, 22, 7F, F5, FF, A1, C8...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
1.8 MB (1,889,280 bytes)

The file 1263_internet_explorer_.exe has been seen being distributed by the following 9 URLs.

https://www.getsw.me/.../2043

https://www.getsw.me/.../2040

https://www.getsw.me/.../2044

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to 214.ip-92-222-41.eu  (92.222.41.214:443)

TCP (HTTP):
Connects to n1plpkivs-v03.any.prod.ams1.secureserver.net  (188.121.36.239:80)

TCP (HTTP):
Connects to a1plpkivs-v03.any.prod.ash1.secureserver.net  (72.167.239.239:80)

Remove 1263_internet_explorer_.exe - Powered by Reason Core Security