» instnm.exe
Overview
Analysis
File Details
Behaviors (1)
Network (4)

instnm.exe

The executable instnm.exe has been detected as malware by 29 anti-virus scanners. While running, it connects to the Internet address 216.49.17.139.res-cmts.hzl2.ptd.net on port 48754.

File name:

instnm.exe

MD5:

186bd78a429077480f4f25872c1a0a0a

SHA-1:

afc379d4001d370976155eda61a06ddd5fe3c6bf

SHA-256:

c7481c1bfeca7784f9f863aca7a2ca3758ade642d2c07951320cf812e11cfb56

Scanner detections:

29 / 68

Status:

Malware

Analysis date:

11/23/2024 9:36:38 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.Generic.12501266

715

Agnitum Outpost

Trojan.Agent

7.1.1

Avira AntiVirus

TR/ATRAPS.Gen4

7.11.205.2

avast!

Win64:Malware-gen

2014.9-150205

AVG

Win32/DH

2016.0.3208

Baidu Antivirus

Trojan.Win64.Asterope

4.0.3.1525

Bitdefender

Trojan.Generic.12501266

1.0.20.250

Comodo Security

UnclassifiedMalware

20767

Emsisoft Anti-Malware

Trojan.Generic.12501266

8.15.02.19.02

ESET NOD32

Win64/Asterope (variant)

9.11037

Fortinet FortiGate

W64/Asterope.A!tr

2/5/2015

F-Secure

Trojan.Generic.12501266

11.2015-19-02_5

G Data

Trojan.Generic.12501266

15.2.24

IKARUS anti.virus

Trojan.Win32.Agent

t3scan.1.8.6.0

K7 AntiVirus

Trojan

13.192.14746

Kaspersky

Trojan.Win32.Agent

14.0.0.2534

McAfee

RDN/Generic.dx!d2o

5600.6849

Microsoft Security Essentials

Trojan:Win64/Ropest.G

1.11302

MicroWorld eScan

Trojan.Generic.12501266

16.0.0.150

NANO AntiVirus

Trojan.Win64.Agent.dmssik

0.30.0.64812

nProtect

Trojan.Generic.12501266

15.01.23.01

Panda Antivirus

Trj/CI.A

15.02.05.07

Qihoo 360 Security

Win32/Trojan.0fe

1.0.0.1015

Reason Heuristics

Threat.Win.Reputation.IMP

15.2.19.14

Sophos

Troj/Agent-ALDF

4.98

SUPERAntiSpyware

Trojan.Agent/Gen-Ropest

10072

Trend Micro House Call

TROJ_GEN.R0C1H01A915

7.2.36

Vba32 AntiVirus

Trojan.Agent.amobo

3.12.26.3

VIPRE Antivirus

Trojan.Win32.Generic

36788

File size:

140.5 KB (143,872 bytes)

File type:

Executable application (Win64 EXE)

Common path:

C:\users\{user}\appdata\roaming\microsoft\windows\ieupdate\instnm.exe

File PE Metadata

Compilation timestamp:

1/7/2005 8:13:57 PM

OS version:

5.2

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

3072:KdUPSo+7abnqBKIktr2DMZ89YKwST1BHU5EY:NSo1E9Ct/lEY

Entry address:

0x6B50

Entry point:

48, 89, 5C, 24, 10, 48, 89, 74, 24, 18, 55, 48, 8D, AC, 24, 50, F8, FF, FF, 48, 81, EC, B0, 08, 00, 00, E8, B5, FF, FF, FF, E8, A4, AA, FF, FF, E8, 13, F7, FF, FF, 84, C0, 0F, 84, F8, 02, 00, 00, 48, 8D, 95, 10, 06, 00, 00, B9, 02, 02, 00, 00, FF, 15, F5, 5A, 01, 00, 85, C0, 0F, 85, DE, 02, 00, 00, 48, 8D, 0D, 66, C8, 01, 00, 33, D2, E8, 1F, 58, 00, 00, 85, C0, 0F, 84, C8, 02, 00, 00, 48, 8D, 35, D8, C5, 01, 00, 41, B8, 04, 01, 00, 00, 33, C9, 48, 8B, D6, FF, 15, 17, 56, 01, 00, 48, 8B, CE, FF, 15, AE, 59... 
[+]

Entropy:

6.4117

Code size:

108 KB (110,592 bytes)

Ini File Mappings System INI

Name:

SCRNSAVE.EXE

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to float.1064.bm-impbus.prod.ams1.adnexus.net (37.252.162.125:80)

TCP (HTTP):

Connects to 94.31.29.160.IPYX-077437-ZYO.above.net (94.31.29.160:80)

TCP (HTTP):

Connects to 64.224.221.162.serverel.net (162.221.224.64:80)

TCP:

Connects to 216.49.17.139.res-cmts.hzl2.ptd.net (216.49.17.139:48754)

Remove instnm.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.