home

inst.exe

Navigation network co.,limited

The application inst.exe by Navigation network co.,limited has been detected as adware by 8 anti-malware scanners. This is a setup program which is used to install the application. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from d5qlpohh1zul3.cloudfront.net.
Publisher:
Navigation network co.,limited  (signed and verified)

Version:
2.0.0.0

MD5:
8f5ddf1b819bace3f5e92c36b221bc2c

SHA-1:
df7782941f964a89b69d5519903ddc8012b1465f

SHA-256:
96230a1f7bcc855ae1d091903b81ecebe138bd6863275c9361b1da520c58f288

Scanner detections:
8 / 68

Status:
Adware

Analysis date:
11/24/2024 10:14:23 PM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
ADWARE/Navegaki.464784
8.3.2.2

Bkav FE
W32.HfsAdware
1.3.0.6979

ESET NOD32
Win32/Adware.Navegaki.AK (variant)
9.12199

Fortinet FortiGate
Riskware/Navegaki
10/24/2015

K7 AntiVirus
Adware
13.2017108

McAfee
Artemis!8F5DDF1B819B
5600.6602

Panda Antivirus
PUP/Navegaki
15.10.24.12

Reason Heuristics
PUP.Navigationnetworkcolimited (M)
15.10.24.12

File size:
453.9 KB (464,784 bytes)

Product version:
2.0.0.0

Copyright:
Copyright (C) 2014

Original file name:
Download.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\inst.exe

Digital Signature
Signed by:
Navigation network co.,limited

Authority:
VeriSign, Inc.

Valid from:
2/19/2014 2:00:00 AM

Valid to:
2/20/2016 1:59:59 AM

Subject:
CN="Navigation network co.,limited", OU=Software Department, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Navigation network co.,limited", L=Hongkong, S=Hongkong, C=HK

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2617E71F3DD61639E291AD2D048E1D8A

File PE Metadata
Compilation timestamp:
8/6/2015 2:50:52 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:XfNBs/LP5u/X4fTzd8RxnVqxstovJOpQj+:ITygTGtVEH8pC+

Entry address:
0x29B70

Entry point:
E8, C1, E4, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 8B, 45, 14, 56, 85, C0, 74, 3C, 83, 7D, 08, 00, 75, 13, E8, 31, 3A, 00, 00, 6A, 16, 5E, 89, 30, E8, 77, 67, 00, 00, 8B, C6, EB, 25, 83, 7D, 10, 00, 74, E7, 39, 45, 0C, 73, 09, E8, 13, 3A, 00, 00, 6A, 22, EB, E0, 50, FF, 75, 10, FF, 75, 08, E8, 92, DD, FF, FF, 83, C4, 0C, 33, C0, 5E, 5D, C3, 55, 8B, EC, 83, 3D, 44, 86, 45, 00, 00, 75, 75, 8B, 55, 08, 85, D2, 75, 17, E8, E3, 39, 00, 00, C7, 00, 16, 00, 00, 00, E8, 28, 67, 00, 00, B8, FF, FF, FF, 7F, 5D, C3...
 
[+]

Code size:
274 KB (280,576 bytes)

The file inst.exe has been seen being distributed by the following URL.

http://d5qlpohh1zul3.cloudfront.net/download/.../316_342tr_360_Total_Security.exe

Remove inst.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.