vrt63.tmp

The file vrt63.tmp has been detected as malware by 2 anti-virus scanners. While running, it connects to the Internet address static.88-99-25-106.clients.your-server.de on port 80 using the HTTP protocol.
MD5:
740ef692b02ca63371bd35e0c66ba1ba

SHA-1:
48524bd4412b9da01b2d4ef3ae043d30ec871d46

Scanner detections:
2 / 68

Status:
Malware

Analysis date:
12/23/2024 4:32:59 PM UTC

Scan engine | Detection | Engine version
ESET NOD32 | Win32/Spammer.Agent.AN trojan | 6.3.12010.0
F-Prot | W32/Threat-HLLSI-based | 4.6.5.141

File size:
4.5 KB (4,608 bytes)

Common path:
C:\windows\temp\vrt63.tmp

File PE Metadata
Compilation timestamp:
3/3/2017 2:04:48 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.12

Entry address:
0x116A

Entry point:
68, 05, 30, 40, 00, 6A, 00, 6A, 01, 6A, 00, E8, 1E, 05, 00, 00, E8, 37, 05, 00, 00, 3D, B7, 00, 00, 00, 0F, 84, 20, 05, 00, 00, 68, 04, 01, 00, 00, 68, D8, 31, 40, 00, 6A, 00, E8, 21, 05, 00, 00, 68, D8, 31, 40, 00, 68, 3F, 30, 40, 00, 68, 70, 30, 40, 00, E8, 2B, 05, 00, 00, 83, C4, 0C, 68, 6A, 34, 40, 00, E8, 06, 05, 00, 00, 68, AE, 34, 40, 00, 68, 6A, 34, 40, 00, 6A, 00, 6A, 00, 6A, 00, 6A, 00, 6A, 00, 6A, 00, 68, 70, 30, 40, 00, 6A, 00, E8, C0, 04, 00, 00, 85, C0, 74, 16, FF, 35, AE, 34, 40, 00, E8, A5...
Entropy:
4.3257

Code size:
2 KB (2,048 bytes)

The executing file has been seen to make the following network communications in live environments.
