1263_internet_explorer_.exe

Interalc Technology Group S.L.

The application 1263_internet_explorer_.exe by Interalc Technology Group S.L. has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. The file has been seen being downloaded from www.getsw.me and multiple other hosts. While running, it connects to the Internet address n1plpkivs-v03.any.prod.ams1.secureserver.net on port 80 using the HTTP protocol.
Publisher:
Interalc Technology Group S.L.  (signed and verified)

Version:
1.0.0.0

MD5:
484ef7c9e4c8563097b7e2d32fb694e5

SHA-1:
3185435d0d04d55f4eefa5a4c9ad9555879d576d

SHA-256:
f65d2995e3d3b77cf72639ccd502ede330de608c45bb42b772b9ac775eae422e

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/16/2024 12:01:49 PM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.Toggle (M)

Engine version:
16.10.26.19

File size:
2.1 MB (2,244,552 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\programs\1263_internet_explorer_.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
7/14/2014 11:37:03 PM

Valid to:
7/9/2015 4:35:34 PM

Subject:
CN=Interalc Technology Group S.L., O=Interalc Technology Group S.L., L=Madrid, S=MADRID, C=ES

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2806E8AB82D19A

File PE Metadata
Compilation timestamp:
7/31/2014 12:08:51 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:ztvnm4o4IRnSid46e2kOkQ4JHvTWVuMjhV:o4N2kVQ4sV

Entry address:
0x1CE7FC

Entry point:
55, 8B, EC, 83, C4, F0, B8, A8, 51, 5C, 00, E8, EC, C5, E3, FF, A1, C8, 99, 5D, 00, 8B, 00, E8, 6C, 7F, F5, FF, 33, C9, B2, 01, A1, 14, 6A, 54, 00, E8, 2E, D5, F4, FF, 8B, 15, C4, 98, 5D, 00, 89, 02, A1, C4, 98, 5D, 00, 8B, 00, E8, 46, 34, F5, FF, A1, C4, 98, 5D, 00, 8B, 00, 8B, 10, FF, 92, A8, 00, 00, 00, A1, C8, 99, 5D, 00, 8B, 00, 33, D2, E8, 2D, 9C, F5, FF, A1, C8, 99, 5D, 00, 8B, 00, C6, 40, 5F, 00, 8B, 0D, E4, 93, 5D, 00, A1, C8, 99, 5D, 00, 8B, 00, 8B, 15, 10, 4A, 5C, 00, E8, 22, 7F, F5, FF, A1, C8...

Developed / compiled with:
Microsoft Visual C++

Code size:
1.8 MB (1,889,280 bytes)

The file 1263_internet_explorer_.exe has been seen being distributed by the following 9 URLs.

https://www.getsw.me/.../2043

https://www.getsw.me/.../2040

https://www.getsw.me/.../2044

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to 214.ip-92-222-41.eu  (92.222.41.214:443)

TCP (HTTP):
Connects to n1plpkivs-v03.any.prod.ams1.secureserver.net  (188.121.36.239:80)

TCP (HTTP):
Connects to a1plpkivs-v03.any.prod.ash1.secureserver.net  (72.167.239.239:80)

Remove 1263_internet_explorer_.exe - Powered by Reason Core Security