insx208e.tmp

The file insx208e.tmp has been detected as a potentially unwanted program by 24 anti-malware scanners. It runs as a Windows service named “Caps Lock Key Session”, hosted in its own process rather than a shared one. The file has been observed being downloaded from d2htwdv930b0cg.cloudfront.net.

MD5: 830d6655d671a631fce809ad9ec36e54

SHA-1: 966ba4c63686416c2498c4c263b4b135da47a08b

SHA-256: 232a614cc00eeca6dba97b26e8a106e16c287e91a0b7b2f46e5f8f41580c1767

Scanner detections: 24 / 68

Status: Potentially unwanted

Analysis date: 3/10/2025 3:10:22 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Adware.Zusy.141675 | 5694600 |
| Agnitum Outpost | PUA.AdSvc | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.ConvertAd | 2015.04.28 |
| avast! | Win32:Adware-gen [Adw] | 2014.9-150509 |
| AVG | Generic6 | 2016.0.3114 |
| Baidu Antivirus | Adware.Win32.ConvertAd | 4.0.3.1559 |
| Bitdefender | Trojan.GenericKD.2277933 | 1.0.20.645 |
| Dr.Web | Trojan.Inject1.54461 | 9.0.1.0129 |
| Emsisoft Anti-Malware | Trojan.GenericKD.2277933 | 8.15.05.09.02 |
| ESET NOD32 | Win32/Adware.ConvertAd.FU application | 7.0.302.0 |
| Fortinet FortiGate | Riskware/ConvertAd | 5/9/2015 |
| F-Secure | Gen:Variant.Adware.Zusy | 5.15.21 |
| G Data | Trojan.GenericKD.2277933 | 15.5.25 |
| K7 AntiVirus | Riskware | 13.203.15726 |
| Kaspersky | UDS:DangerousObject.Multi.Generic | 14.0.0.2067 |
| MicroWorld eScan | Trojan.GenericKD.2277933 | 16.0.0.387 |
| NANO AntiVirus | Riskware.Win32.AdSvc.dqlcrn | 0.30.20.1219 |
| nProtect | Trojan.GenericKD.2277933 | 15.04.27.01 |
| Panda Antivirus | Generic Suspicious | 15.05.09.02 |
| Quick Heal | AdWare.AdSvc.r5 (Not a Virus) | 5.15.14.00 |
| Reason Heuristics | Threat.Win.Reputation.IMP | 15.5.9.10 |
| Sophos | Generic PUA NI | 4.98 |
| VIPRE Antivirus | Trojan.Win32.Generic | 39738 |
| Zillya! Antivirus | Adware.AdSvc.Win32.71 | 2.0.0.2156 |

File size: 113 KB (115,712 bytes)

Common path: C:\users\{user}\appdata\local\98a3deb6-1428679417-11e0-831d-20e12f0380b0\insx208e.tmp

File PE Metadata
Compilation timestamp: 4/10/2015 1:20:10 PM

OS version: 5.1

OS bitness: Win32

Subsystem: Windows GUI

Linker version: 10.0

CTPH (ssdeep): 1536:uK8BN96rVz9ijQQZYr6DqliIOvESktiZCRVndlZ0fBAjW9nS7OB+42D:Iz9ugYr6D6iiKZChP6BxS7OB+42D

Entry address: 0xA6F2

Entry point: E8, 7F, 2D, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, B8, 73, 41, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 90, 70, 41, 00, C9, C2, 08, 00, 8B, FF, 55, 8B, EC, 8B, 55, 08, 56, 57, 85, D2, 74, 07, 8B, 7D, 0C, 85, FF, 75, 13, E8, 82, 1E, 00, 00, 6A, 16, 5E, 89, 30, E8, 26, 1E, 00, 00, 8B, C6, EB, 33, 8B, 45...

Entropy: 6.2611

Code size: 86 KB (88,064 bytes)

Service
Display name: Caps Lock Key Session

Service name: vifyxutu

Description: Divide Content

Type: Win32OwnProcess


The file insx208e.tmp has been seen being distributed by the following URL.
