Internet.exe

Internet Browser with Mail.Ru services

LLC Mail.Ru

The application Internet.exe by LLC Mail.Ru has been detected as a potentially unwanted program by 3 anti-malware scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from r.mail.ru and multiple other hosts. While running, it connects to the Internet address mrds.mail.ru on port 80 using the HTTP protocol.
Publisher:
Mail.Ru  (signed by LLC Mail.Ru)

Product:
Internet Browser with Mail.Ru services (Браузер Интернет с сервисами Mail.Ru)

Version:
1, 0, 0, 1445

MD5:
9b0211d6a89b7d3d07e421bd5504ace9

SHA-1:
7abd9cbf86743c0551c985e945a88114b7c3ace9

SHA-256:
33828d15866178170287d1f2663fa49178151c50fffcdf4b643182bcf10ee999

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
11/23/2024 8:04:28 AM UTC

Scan engine | Detection | Engine version
NANO AntiVirus | Trojan.Win32.Delf.cqwszn | 0.28.0.57029
Reason Heuristics | PUP.Optional.MailRu.I | 14.3.28.18
Rising Antivirus | PE:Trojan.RuMail!1.6574 | 23.00.65.131220

File size:
38.1 MB (39,920,672 bytes)

Product version:
1, 0, 0, 1445

Copyright:
Copyright 2011

Original file name:
Internet.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\internet.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
12/9/2011 3:00:00 AM

Valid to:
2/7/2014 2:59:59 AM

Subject:
CN=LLC Mail.Ru, O=LLC Mail.Ru, L=Moscow, S=Moscow, C=RU

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
1C09DBBC732D4B58F7A88EBACF323417

File PE Metadata
Compilation timestamp:
12/6/2013 1:42:05 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
786432:I/y8djMvd7glTOD51lapWlpfM1ljxmt71Rr06DkVpDxyrX7eqeuP:I/yK+CWlapWl4loK6VrqqeuP

Entry address:
0x15EC38

Entry point:
E8, 26, ED, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 83, 3D, 40, 2C, 5F, 00, 00, 74, 2D, 55, 8B, EC, 83, EC, 08, 83, E4, F8, DD, 1C, 24, F2, 0F, 2C, 04, 24, C9, C3, 83, 3D, 40, 2C, 5F, 00, 00, 74, 11, 83, EC, 04, D9, 3C, 24, 58, 66, 83, E0, 7F, 66, 83, F8, 7F, 74, D3, 55, 8B, EC, 83, EC, 20, 83, E4, F0, D9, C0, D9, 54, 24, 18, DF, 7C, 24, 10, DF, 6C, 24, 10, 8B, 54, 24, 18, 8B, 44, 24, 10, 85, C0, 74, 3C, DE, E9, 85, D2, 79, 1E, D9, 1C, 24, 8B, 0C, 24, 81, F1, 00...
 

Code size:
1.6 MB (1,671,168 bytes)

The file Internet.exe has been seen being distributed by the following 15 URLs.

http://r.mail.ru/n97462637?&test_id=133&rnd=184630287

http://soft.mydiv.net/win/dlfilea3379_253513/.../InternetInstaller.exe

http://r.mail.ru/n97462637?&rnd=113696822

http://r.mail.ru/n97462637?&rnd=393636751

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to mrds.mail.ru  (217.69.139.245:80)
