6b4.tmp.exe

The executable 6b4.tmp.exe has been detected as malware by 1 anti-virus scanner.
MD5:
8e2d73e3152468c625667f456702a818

SHA-1:
37b7c3c8859fb324141f93307089b9c41742e93e

SHA-256:
bf2f12b9c225a11948e4aa67183f5eba370140ceb388889a85418dd8b69c84d1

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
12/24/2024 12:58:33 PM UTC

Scan engine:
Reason Heuristics

Detection:
Trojan.Injector

Engine version:
16.8.21.9

File size:
154.9 KB (158,594 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\6b4.tmp.exe

File PE Metadata
Compilation timestamp:
6/9/2016 11:40:04 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:2Su/aJUBpxjDw6Zk6yDswCyzJR9BEzxpEZzDgS:2SuiGxnw6Zk6yIwPH9BUpWgS

Entry address:
0x2F3E

Entry point:
55, 8B, EC, 6A, FF, 68, E8, 4A, 40, 00, 68, A8, 31, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, 5F, 57, FF, 15, 0C, 65, 40, 00, 59, 83, 0D, D8, 5C, 40, 00, FF, 83, 0D, DC, 5C, 40, 00, FF, FF, 15, 08, 65, 40, 00, 8B, 0D, CC, 5C, 40, 00, 89, 08, FF, 15, 04, 65, 40, 00, 8B, 0D, C8, 5C, 40, 00, 89, 08, A1, 00, 65, 40, 00, 8B, 00, A3, D4, 5C, 40, 00, E8, E6, 01, 00, 00, 39, 1D, 30, 5B, 40, 00, 75, 0C, 68, 92, 31, 40, 00, FF, 15...

Entropy:
7.4689

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
12 KB (12,288 bytes)

When executed, the file has been observed making the following network connections in live environments.

TCP (HTTP):
Connects to sinkhole-01.sinkhole.tech  (95.211.174.92:80)

TCP (HTTP):
Connects to 217.19.237.54.static.hosted.by.combell.com  (217.19.237.54:80)

TCP (HTTP):
Connects to xaicom.net  (85.214.214.113:80)

TCP (HTTP):
Connects to server.farmhouseserver.com  (198.57.196.166:80)

TCP (HTTP):
Connects to apache2-kant.curtin.dreamhost.com  (69.163.218.51:80)

TCP (HTTP):
Connects to 66-232-103-8.static.hvvc.us  (66.232.103.8:80)

TCP (HTTP):
Connects to server2016.italmarket.com  (95.141.36.94:80)

TCP (HTTP):
Connects to medius.do.innovatif.com  (198.211.123.23:80)

TCP (HTTP):
Connects to alienlabs.hu  (185.51.65.164:80)

TCP (HTTP):
Connects to 157-7-107-91.virt.lolipop.jp  (157.7.107.91:80)

TCP (HTTP):
Connects to 157-7-107-101.virt.lolipop.jp  (157.7.107.101:80)

TCP (HTTP):
Connects to web2.connext.net  (96.91.204.114:80)

TCP (HTTP):
Connects to sv140.xserver.jp  (210.188.201.166:80)

TCP (HTTP):
Connects to server.egywebstore.com  (72.44.93.236:80)

TCP (HTTP):
Connects to rs101.nsresponse.com  (204.93.177.101:80)

TCP (HTTP):
Connects to perfora.net  (74.208.215.199:80)

TCP (HTTP):
Connects to ns69.kreativmedia.ch  (80.74.154.6:80)

TCP (HTTP):
Connects to newip240.telewave.ad.jp  (219.122.1.240:80)

TCP (HTTP):
Connects to mail.elpro.si  (193.77.149.5:80)

TCP (HTTP):
Connects to cluster011.ovh.net  (213.186.33.40:80)

Remove 6b4.tmp.exe - Powered by Reason Core Security