msiql.exe

The application msiql.exe has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. It is a setup program used to install the application. The file has been seen being downloaded from down.hejie123.com. While running, it connects to the Internet address customer.sharktech.net on port 80 using the HTTP protocol.
Version:
1.0.1.30

MD5:
987a5fc2e3ed22f47cca3088f19aaa14

SHA-1:
8c211b7ccd875dcbbdcbccbbe692389c6a74fc39

SHA-256:
0d84963d5bd998af2e6055a9d88e016271edeb2590f223c247450c4541eade1d

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
12/23/2024 2:42:06 PM UTC

Scan engine:
Reason Heuristics

Detection:
Adware.TopTools

Engine version:
17.1.18.9

File size:
2 MB (2,072,064 bytes)

Product version:
1.0.1.30

Copyright:
Copyright (C) 2015

Original file name:
jkajskdfj

File type:
Executable application (Win32 EXE)

Language:
English

Common path:
C:\windows\temp\00021468\msiql.exe

File PE Metadata
Compilation timestamp:
1/21/2017 5:03:23 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0x8E77A

Entry point:
E8, F0, 47, 01, 00, E9, 00, 00, 00, 00, 6A, 14, 68, E8, 7B, 5C, 00, E8, C0, DF, 00, 00, E8, D7, AE, 00, 00, 0F, B7, F0, 6A, 02, E8, 83, 47, 01, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 75, EC, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...

Code size:
1.6 MB (1,626,112 bytes)

The file msiql.exe has been seen being distributed by the following URL.

http://down.hejie123.com/.../msiql.exe

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to customer.sharktech.net  (104.160.178.242:80)

TCP (HTTP):
Connects to ec2-54-200-58-62.us-west-2.compute.amazonaws.com  (54.200.58.62:80)

Remove msiql.exe - Powered by Reason Core Security