inygp.exe

Virtual

Virtual Group

The executable inygp.exe, “Virtual Group Index” has been detected as malware by 14 anti-virus scanners. It runs as a scheduled task under the Windows Task Scheduler triggered daily at a specified time. While running, it connects to the Internet address a.tribalfusion.com on port 80 using the HTTP protocol.
Publisher:
Virtual Group

Product:
Virtual

Description:
Virtual Group Index

Version:
0.0.0.4

MD5:
16530862a8aa0cfbc2f91937ab6c86da

SHA-1:
addc8afe0f3963fedf51d0679d1a2b3bbc137405

SHA-256:
bdf942c7c61e08c2471c34ef1dbb81adf6033d5a2dd06d5fcfdea1838fe3fb94

Scanner detections:
14 / 68

Status:
Malware

Analysis date:
11/23/2024 5:31:21 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.Agent.BDJJ
859

avast!
Win32:Dropper-gen [Drp]
140531-1

AVG
Crypt3
2015.0.3337

Bitdefender
Trojan.Agent.BDJJ
1.0.20.1355

Bkav FE
HW32.CDB
1.3.0.4959

Emsisoft Anti-Malware
Trojan.Agent.BDJJ
8.14.09.28.11

ESET NOD32
Win32/Kryptik.CDRK trojan
7.0.302.0

F-Secure
Trojan.Agent.BDJJ
11.2014-28-09_1

G Data
Trojan.Agent.BDJJ
14.9.24

Malwarebytes
Trojan.Agent.ED
v2014.06.05.07

MicroWorld eScan
Trojan.Agent.BDJJ
15.0.0.813

Qihoo 360 Security
Malware.QVM20.Gen
1.0.0.1015

Reason Heuristics
Threat.Win.Reputation.IMP
14.9.28.23

SUPERAntiSpyware
Trojan.Agent/Gen-Suspicious
10331

File size:
274 KB (280,576 bytes)

Product version:
0.0.0.4

Copyright:
Copyright (C) 2011

Original file name:
Virtual

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\windows\syswow64\inygp.exe

File PE Metadata
Compilation timestamp:
1/27/1979 6:25:53 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:ofppZS+icbxKiXYvckvUYxI99GJQ68CzKwhY/CPItyst:ofDZzhTkvUaa9bINMCPI

Entry address:
0x4E6B

Entry point:
55, 8B, EC, 83, EC, 68, 53, 56, 57, BE, 00, 00, 00, 01, 33, FF, 4E, FF, 15, 34, 70, 44, 00, 3B, F7, 75, F5, 68, 94, CD, 40, 00, 8D, 45, 98, 50, FF, 15, A4, 70, 44, 00, BB, 6C, E0, 40, 00, 85, C0, 74, 18, 6A, 5A, 53, 68, B8, CD, 40, 00, 68, CC, CD, 40, 00, 68, E4, CD, 40, 00, FF, 15, 28, 70, 44, 00, 68, 09, 04, 00, 00, 57, 68, 08, CE, 40, 00, 57, FF, 15, 48, 70, 44, 00, 85, C0, 0F, 85, E3, 00, 00, 00, 68, 20, CE, 40, 00, 6A, 01, 57, FF, 15, 08, 70, 44, 00, 85, C0, 74, 0E, 53, 68, C8, 00, 00, 00, FF, 15, A8...
 
[+]

Entropy:
7.7982

Developed / compiled with:
Microsoft Visual C++

Code size:
17.7 KB (18,170 bytes)

Scheduled Task
Task name:
Security Center Update - 1027371599

Trigger:
Daily (Runs daily at 6:00 PM)

Description:
Keeps your Security Center software up to date. If this task is disabled or stopped, your Security Center software will not be kept up to date, meanin


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to wordpress.com  (207.198.101.124:443)

TCP (HTTP):
Connects to server-54-230-7-117.dfw3.r.cloudfront.net  (54.230.7.117:80)

TCP (HTTP):
Connects to server-54-230-6-120.dfw3.r.cloudfront.net  (54.230.6.120:80)

TCP (HTTP):
Connects to server-54-230-6-114.dfw3.r.cloudfront.net  (54.230.6.114:80)

TCP (HTTP):
Connects to server-54-230-5-102.dfw3.r.cloudfront.net  (54.230.5.102:80)

TCP (HTTP):
Connects to server-54-230-4-6.dfw3.r.cloudfront.net  (54.230.4.6:80)

TCP (HTTP):
Connects to og-in-f141.1e100.net  (74.125.198.141:80)

TCP (HTTP):
Connects to mpr2.ngd.vip.bf1.yahoo.com  (98.139.225.43:80)

TCP (HTTP):
Connects to map2.hwcdn.net  (205.185.216.10:80)

TCP (HTTP):
Connects to ip188.67-202-66.static.steadfastdns.net  (67.202.66.188:80)

TCP (HTTP):
Connects to float.1404.bm-impbus.prod.lax1.adnexus.net  (68.67.128.7:80)

TCP (HTTP):
Connects to float.1375.bm-impbus.prod.nym2.adnexus.net  (68.67.152.71:80)

TCP (HTTP SSL):
Connects to edge-star-shv-09-dfw1.facebook.com  (31.13.66.128:443)

TCP (HTTP):
Connects to ec2-54-85-76-73.compute-1.amazonaws.com  (54.85.76.73:80)

TCP (HTTP):
Connects to ec2-54-85-108-124.compute-1.amazonaws.com  (54.85.108.124:80)

TCP (HTTP):
Connects to ec2-54-84-97-79.compute-1.amazonaws.com  (54.84.97.79:80)

TCP (HTTP):
Connects to ec2-54-84-71-30.compute-1.amazonaws.com  (54.84.71.30:80)

TCP (HTTP SSL):
Connects to ec2-54-81-253-192.compute-1.amazonaws.com  (54.81.253.192:443)

TCP (HTTP):
Connects to ec2-54-243-74-164.compute-1.amazonaws.com  (54.243.74.164:80)

TCP (HTTP):
Connects to ec2-54-243-242-72.compute-1.amazonaws.com  (54.243.242.72:80)

Remove inygp.exe - Powered by Reason Core Security