directx_9.10.11.exe

IN SITE GROUP LLC

The application directx_9.10.11.exe by IN SITE GROUP has been detected as adware by 7 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer. While running, it connects to the Internet address 85-10-200-21.clients.your-server.de on port 80 using the HTTP protocol.
Publisher:
IN SITE GROUP LLC  (signed and verified)

MD5:
4ce857affde1f6eb63a673813f096ced

SHA-1:
6ff5ee6ed0562e43c0e3a4f5908a7309a2e537a8

SHA-256:
18a81c1f797e88ebad200297baeb72c0754a5dfa73653aa1ee0e8fa547793d60

Scanner detections:
7 / 68

Status:
Adware

Analysis date:
12/24/2024 3:57:54 PM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
PUP/Win32.Agent
2014.10.17

AVG
Generic
2015.0.3289

Baidu Antivirus
PUA.Win32.Softobase
4.0.3.141116

Dr.Web
Adware.Downware.8427
9.0.1.0320

ESET NOD32
Win32/Softobase
8.10575

McAfee
Artemis!4CE857AFFDE1
5600.6945

Reason Heuristics
PUP.INSITEGROUP.N
14.11.21.23

File size:
152.9 KB (156,552 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Common path:
C:\users\{user}\downloads\directx_9.10.11.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
12/24/2013 4:00:00 AM

Valid to:
12/25/2014 3:59:59 AM

Subject:
CN=IN SITE GROUP LLC, OU=IT DEPARTMENT, O=IN SITE GROUP LLC, STREET=GAGARINA AVENUE 115, L=DNEPROPETROVSK, S=Outside United States, PostalCode=49000, C=UA

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
55D394430ABD92A2E716421844EC9E5B

File PE Metadata
Compilation timestamp:
2/19/2012 7:01:49 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
3072:6X7DItrfaocyTgfsqQOlJOQN3tNuPx+r1tnst4Z5PBTPAD9:6saocyLCOQZtNuPx+vst+5FK

Entry address:
0x4327

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, 93, 42, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, 94, 42, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, 94, 42, 00, 56, A3, 40, 7B, 42, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8D, 3B, 00, 00, A3, 9C, 7B, 42, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, 94, 42, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7...
 
[+]

Code size:
34.5 KB (35,328 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to 85-10-200-21.clients.your-server.de  (85.10.200.21:80)

Remove directx_9.10.11.exe - Powered by Reason Core Security