» inetstat.exe
Overview
Analysis
File Details
Behaviors (1)
Downloads (2)
Network (1)

inetstat.exe

The application inetstat.exe has been detected as a potentially unwanted program by 6 anti-malware scanners. This is a setup program which is used to install the application. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘InetStat’. The file has been seen being downloaded from s3.amazonaws.com and multiple other hosts. While running, it connects to the Internet address static.25.22.243.136.clients.your-server.de on port 80 using the HTTP protocol.

File name:

inetstat.exe

MD5:

0693db92aeb61103c781e3867b8eb7b7

SHA-1:

6d860159a3ad4f566e62db98916b26f3255a7a1e

SHA-256:

ee8ed80a5eca45be3474c8a3bd9cf64753f37d5521799ac483b567fe52d49886

Scanner detections:

6 / 68

Status:

Potentially unwanted

Analysis date:

11/6/2024 1:54:14 AM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:Dropper-gen [Drp]

2014.9-150813

Emsisoft Anti-Malware

Application.Generic.1269570

8.15.08.13.04

ESET NOD32

Win32/RiskWare.Astori.C application

9.7.0.302.0

F-Secure

Riskware.Application.Generic.1269570

11.2015-13-08_5

Reason Heuristics

Threat.Win.Reputation.IMP

15.8.13.0

Sophos

Generic PUA EI

4.98

File size:

820.5 KB (840,206 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\roaming\inetstat\inetstat.exe

File PE Metadata

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.24

CTPH (ssdeep):

24576:rHPHv3QPO2kS6l4xpZ4h8yJNWxkxG7SpmH7HCHSHqHKHYH/HzDeAWoz8oHnH2H2l:NB8pv/kxG7SpP

Entry address:

0x14C0

Entry point:

83, EC, 0C, C7, 05, 74, 86, 45, 00, 01, 00, 00, 00, E8, DE, EE, 02, 00, 83, C4, 0C, E9, A6, FC, FF, FF, 8D, B6, 00, 00, 00, 00, 83, EC, 0C, C7, 05, 74, 86, 45, 00, 00, 00, 00, 00, E8, BE, EE, 02, 00, 83, C4, 0C, E9, 86, FC, FF, FF, 90, 90, 90, 90, 90, 90, A1, 80, 5B, 44, 00, 85, C0, 74, 43, 55, 89, E5, 83, EC, 18, C7, 04, 24, 00, 60, 44, 00, FF, 15, 90, A5, 45, 00, BA, 00, 00, 00, 00, 83, EC, 04, 85, C0, 74, 16, C7, 44, 24, 04, 0E, 60, 44, 00, 89, 04, 24, FF, 15, 98, A5, 45, 00, 83, EC, 08, 89, C2, 85, D2... 
[+]

Code size:

256 KB (262,144 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

InetStat

Command:

C:\users\{user}\appdata\roaming\inetstat\inetstat.exe

The file inetstat.exe has been seen being distributed by the following 2 URLs.

https://s3.amazonaws.com/.../inter_silent_nt.exe

http://dl.interstat.eu/inter_silent_nt.exe

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):

Connects to static.25.22.243.136.clients.your-server.de (136.243.22.25:80)

Remove inetstat.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.