internetport3.exe

internetport3

The application internetport3.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This executable runs as a local area network (LAN) Internet proxy server listening on port 8877 and has the ability to intercept and modify all inbound and outbound Internet traffic on the local host. While running, it connects to the Internet address bn2b-cor001.api.p001.1drv.com on port 443.
Product:
internetport3

Version:
1.0.2.0

MD5:
2943023b33bb769d64721d4edccbd00b

SHA-1:
4ed8fe36bb2d43a9f01ea832d5a4b1e56595e5e3

SHA-256:
bab83ee67ecb4f77ce694b6a7a83173ad3e5697b95845e4f4bc8697534268a80

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/5/2024 6:33:34 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Adware.Dotdo.Meta (M)
16.4.24.12

File size:
10.5 KB (10,752 bytes)

Product version:
1.0.2.0

Copyright:
Copyright ©2013 Telerik

Original file name:
internetport3.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

File PE Metadata
Compilation timestamp:
3/17/2015 11:55:20 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
192:ApPIVgVlIPoIViQHksLnQpbkhiA2EJIis12msh:UPju1HE5ySA31

Entry address:
0x3FCE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 02, 00, 10, 00, 00, 00, 20, 00, 00, 80, 18, 00, 00, 00, 38, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 50, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 68, 00...
 
[+]

Entropy:
4.9102

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
8 KB (8,192 bytes)

Local Proxy Server
Proxy for:
Internet Settings

Local host address:
http://127.0.0.1:8877/

Local host port:
8877

Default credentials:
No


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to r-93-44-234-77.ff.avast.com  (77.234.44.93:443)

TCP (HTTP SSL):
Connects to ec2-54-225-194-96.compute-1.amazonaws.com  (54.225.194.96:443)

TCP (HTTP):
Connects to ec2-52-2-99-223.compute-1.amazonaws.com  (52.2.99.223:80)

TCP (HTTP):
Connects to ec2-52-200-196-73.compute-1.amazonaws.com  (52.200.196.73:80)

TCP (HTTP SSL):
Connects to a23-203-68-184.deploy.static.akamaitechnologies.com  (23.203.68.184:443)

TCP (HTTP):
Connects to px-acs001.quantserve.com.akadns.net  (74.217.63.38:80)

TCP (HTTP):
Connects to presentation-atl1.turn.com  (50.116.194.21:80)

TCP (HTTP):
Connects to pr-bh.pbp.vip.bf1.yahoo.com  (72.30.2.182:80)

TCP (HTTP):
Connects to https-69-28-190-136.yul.llnw.net  (69.28.190.136:80)

TCP (HTTP):
Connects to ec2-54-225-200-17.compute-1.amazonaws.com  (54.225.200.17:80)

TCP (HTTP):
Connects to ec2-54-213-173-26.us-west-2.compute.amazonaws.com  (54.213.173.26:80)

TCP (HTTP):
Connects to ec2-54-164-191-235.compute-1.amazonaws.com  (54.164.191.235:80)

TCP (HTTP):
Connects to ec2-52-87-66-130.compute-1.amazonaws.com  (52.87.66.130:80)

TCP (HTTP):
Connects to ec2-52-86-186-156.compute-1.amazonaws.com  (52.86.186.156:80)

TCP (HTTP):
Connects to ec2-52-86-138-157.compute-1.amazonaws.com  (52.86.138.157:80)

TCP (HTTP):

TCP (HTTP):
Connects to ec2-52-22-114-94.compute-1.amazonaws.com  (52.22.114.94:80)

TCP (HTTP):
Connects to ec2-52-203-229-152.compute-1.amazonaws.com  (52.203.229.152:80)

TCP (HTTP):
Connects to ec2-52-202-159-191.compute-1.amazonaws.com  (52.202.159.191:80)

TCP (HTTP SSL):
Connects to ec2-52-20-120-15.compute-1.amazonaws.com  (52.20.120.15:443)

Remove internetport3.exe - Powered by Reason Core Security