microsoftcorp.exe

The executable microsoftcorp.exe has been detected as malware by 1 anti-virus scanner. While running, it connects to the Internet address kippo.eu on port 3003.
MD5:
6545ff937cf4bcdf8c4aae2756a0f921

SHA-1:
740cbaef7447db364088845cadc06fb98eeec2b1

SHA-256:
7a8a6ded29de27880afc9ecae0105b3d052f60f4262dd46be3f7ec76af4e2366

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/16/2024 7:31:57 AM UTC

Scan engine | Detection | Engine version
Reason Heuristics | Threat.Win.Reputation.IMP | 16.12.23.4

File size:
4.1 MB (4,345,856 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\appdata\local\temp\microsoftcorp.exe

File PE Metadata
Compilation timestamp:
6/27/2014 12:26:33 PM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
2.23

Entry address:
0x14C0

Entry point:
48, 83, EC, 28, C7, 05, 22, 8B, 42, 00, 00, 00, 00, 00, E8, FD, 73, 25, 00, E8, A8, FC, FF, FF, 90, 90, 48, 83, C4, 28, C3, 90, C3, 48, 83, EC, 38, 48, 8D, 54, 24, 2F, 48, 8B, 05, D7, 4B, 42, 00, 48, 8D, 48, E8, E8, 86, F8, 2E, 00, 90, 48, 83, C4, 38, C3, 48, 83, EC, 38, 48, 8D, 54, 24, 2F, 48, 8B, 05, B0, 4B, 42, 00, 48, 8D, 48, E8, E8, 67, F8, 2E, 00, 90, 48, 83, C4, 38, C3, 48, 83, EC, 38, 48, 8D, 54, 24, 2F, 48, 8B, 05, 89, 4B, 42, 00, 48, 8D, 48, E8, E8, 48, F8, 2E, 00, 90, 48, 83, C4, 38, C3, 48, 83...
 

Code size:
3.2 MB (3,384,320 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP:
Connects to static.243.47.9.176.clients.your-server.de  (176.9.47.243:5559)

TCP:
Connects to monero.crypto-pool.fr  (212.129.9.16:6666)

TCP:
Connects to mailrelay.203.website.ws  (64.70.19.203:1111)

TCP:
Connects to kippo.eu  (51.255.163.106:3003)
