2560d.exe

BDE MSM Configuration Utility

The executable 2560d.exe has been detected as malware by 1 anti-virus scanner. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘6d676’. While running, it connects to the Internet address static.9.178.201.138.clients.your-server.de on port 80 using the HTTP protocol.
Publisher:

Product:
BDE MSM Configuration Utility

Description:
File folder

Version:
1.00

MD5:
5bb68bbc8aba986fd229e63eb3c0a37d

SHA-1:
d482f6e46d1977317e550384065b88dfb03cdf2f

SHA-256:
150fc90235ad93fb61e48f1956c08fc3a3711e389003239718836ad408d2e884

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/23/2024 9:52:00 PM UTC

Scan engine:
Reason Heuristics

Detection:
Threat.Generic

Engine version:
17.2.14.10

File size:
672 KB (688,128 bytes)

Product version:
1.00

Original file name:
BDEMMCFG

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\windows\2560d.exe

File PE Metadata
Compilation timestamp:
1/5/2000 4:22:15 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0xA989E

Entry point:
83, 3C, 24, FE, 77, FE, 8D, 64, 24, CC, 60, 83, EC, DC, E8, 6A, 97, FF, FF, 4B, 66, 4B, 75, FC, 92, FE, C2, 42, FF, 73, 3C, 59, 81, E9, FD, FF, FF, 7F, 0F, 83, E7, FF, FF, FF, 81, D9, E6, 13, 00, 00, 71, DF, 86, C2, 87, F2, FF, B4, 19, E4, 13, 00, 80, 83, C4, 04, 66, 81, 44, 24, FC, B0, BA, 75, C8, 4E, 87, F1, 90, 68, BE, AF, 76, 9A, E8, 3E, 97, FF, FF, 89, 74, 24, 44, E8, 4C, FF, FF, FF, 89, 44, 24, 34, 83, E8, 04, 72, 6D, 80, D2, 27, 47, 64, A1, 18, 00, 00, 00, 85, C0, 78, 0C, A8, 3E, 86, EA, 8B, 40, 34...

Entropy:
4.4878

Code size:
192 KB (196,608 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
6d676

Command:
64a2b.exe
The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to static.9.178.201.138.clients.your-server.de  (138.201.178.9:80)

TCP (HTTP):
Connects to static.248.127.63.178.clients.your-server.de  (178.63.127.248:80)

TCP (HTTP):
Connects to ec2-52-207-114-118.compute-1.amazonaws.com  (52.207.114.118:80)

TCP (HTTP):
Connects to b2.f1.2bd0.ip4.static.sl-reverse.com  (208.43.241.178:80)

TCP (HTTP):
Connects to hosted-by.hostdl.com.asiatech.ir  (185.49.84.252:80)

TCP (HTTP):
Connects to 185.51.201.10.shahrad.net  (185.51.201.10:80)

Remove 2560d.exe - Powered by Reason Core Security