Prevx Research Division
263.EXE
Information StealerFree PC Cleanup from Webroot
Use Webroot SecureAnywhere to remove 263.EXE.
"Just when you thought it couldn't get any better or faster. The Webroot scanning engine is 'high octane' with a hidden nitrous oxide system. Bravo!!!" W. Lodzinski, SecureAnywhere User
Associated Malware Groups
The unsafe files using this name are associated with the malware groups:
- Information Stealer
- Cloaked Malware
File Behavior
263.EXE has been seen to perform the following behavior:
- The Process is packed and/or encrypted using a software packing process
- Executes a Process
- This process creates other processes on disk
- This Process is a file infector which modifies program files to include a copy of the infection
- Looks at the contents of the autoexec.bat file
- Uses low level raw disk access which could bypass security applications and checks
- Drops known malicious software during execution
- Reads email address and phone book details
- Includes file creation code which could be used to test for interception by security products
- Uses DNS to retrieve the IP address for web sites
- Visits web sites on your PC without you knowing
- Injects code into other processes
- This Process Deletes Other Processes From Disk
- Creates new folders on the system
- Copies files
- Sets processes to start during user logon
263.EXE has been the subject of the following behavior:
- Added as a Registry auto start to load Program on Boot up
- Executed as a Process
- Created as a process on disk
- Copied to multiple locations on the system
Country Of Origin
The filename 263.EXE was first seen on Mar 18 2009 in the following geographical regions of the Webroot community:
- Spain on Mar 18 2009
- The United States on Nov 5 2009
- The United Kingdom on Apr 9 2010
- Turkey on May 18 2012
File Name Aliases
263.EXE can also use the following file names:
- 1[1].EXE
- 878.EXE
- 1588.EXE
- 2109.EXE
- 02427392.DAT
Filesizes
The following file size has been seen:
- 77,824 bytes
- 67,588 bytes
- 50,176 bytes
- 38,400 bytes
- 12,288 bytes
File Type
The filename 263.EXE refers to many versions of an executable program.
File Activity
One or more files with the name 263.EXE creates, deletes, copies or moves the following files and folders:
- Opens/modifes c:\autoexec.bat
- Creates c:\docume~1\jim\locals~1\temp\a.exe
Network Activity
One or more files with the name 263.EXE performs the following network events:
- DNS Lookup imagesrepository.com
- DNS Lookup216.240.157.91 imagesrepository.com
- DNS Lookup images-smile.com
- DNS Lookup64.191.25.166 images-smile.com
- DNS Lookup zone-searching.com
- DNS Lookup88.214.205.8 zone-searching.com
Website Activity
One or more files with the name 263.EXE interacts with the following web sites and pages. Web addresses have been deliberately modified to prevent unintentional use.
- Remote server connection to imagesrepository .co
- Remote server connection to images-smile .co
- Remote server connection to zone-searching .co
- Port 80 IP:216.240.157.91
- Port 80 IP:64.191.25.166
- Port 80 IP:88.214.205.8
Help the Webroot Community to fight cyber crime
We are always looking for ways to improve the quality and speed of research to help us protect you from malicious software and cyber crime.
PCMag.com Editors' Choice Award Logo is a trademark of Ziff Davis Publishing Holdings Inc. Used under license.