expinet.exe

Telintrans

The executable expinet.exe has been detected as malware by 2 anti-virus scanners. While running, it connects to the Internet address www.colis-logistique.com on port 80 using the HTTP protocol.
Publisher:
Telintrans

Description:
Expeditor INet

Version:
2.000

MD5:
a24ba663576136cde32aee9f1bb9d235

SHA-1:
93b17a22512bdbafab7383efc4ebb9fa7d350a36

SHA-256:
df30a5a82f29b377d7563f735b9f0931fc6b1c8649fc22b00c7bd6717134fa93

Scanner detections:
2 / 68

Status:
Malware

Analysis date:
12/24/2024 11:44:36 AM UTC  (today)

Scan engine
Detection
Engine version

herdProtect (fuzzy)
2015.8.23.1

Reason Heuristics
Threat.Win.Reputation.IMP
15.7.22.15

File size:
192 KB (196,621 bytes)

Copyright:
Copyright © GeoPost SI

File type:
Executable application (Win32 EXE)

Language:
French (France)

File PE Metadata
Compilation timestamp:
12/8/2009 10:52:03 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
3072:AMK36Sr0osZ0INF9ltJNNF9Zyv8uyzR82XEAKAGxYv/ywOCQnhM3DOMNP98kQqop:AF20v7iR82X2cv/ywAhM36MNFnX7il

Entry address:
0x116CC

Entry point:
55, 8B, EC, 6A, FF, 68, D8, 32, 41, 00, 68, 30, 18, 41, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 84, 31, 41, 00, 59, 83, 0D, 94, A3, 41, 00, FF, 83, 0D, 98, A3, 41, 00, FF, FF, 15, 88, 31, 41, 00, 8B, 0D, AC, 9F, 41, 00, 89, 08, FF, 15, 8C, 31, 41, 00, 8B, 0D, A8, 9F, 41, 00, 89, 08, A1, 90, 31, 41, 00, 8B, 00, A3, 90, A3, 41, 00, E8, 9A, 75, FF, FF, 39, 1D, 50, 90, 41, 00, 75, 0C, 68, 06, 47, 40, 00, FF, 15, 94, 31...
 
[+]

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
72 KB (73,728 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to www.colis-logistique.com  (213.41.95.188:80)

Remove expinet.exe - Powered by Reason Core Security