netpanel.exe

Internet Research

Gemius S.A.

The application netpanel.exe, “Internet Research Service” by Gemius S.A has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address ls4.host.hit.gemius.pl on port 443.
Publisher:
Gemius  (signed by Gemius S.A.)

Product:
Internet Research

Description:
Internet Research Service

Version:
2, 49, 0, 1

MD5:
3f7ecfe095f1e2e61649976076eca70c

SHA-1:
0423654b7e00163b167253f32fa912d00bc4a745

SHA-256:
589e0accd43704d11164453d715d0683b9c84dbcb6d95442cccfa44817b769b4

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
12/25/2024 4:18:34 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP (M)
16.11.21.22

File size:
3.4 MB (3,539,640 bytes)

Product version:
2, 49, 0, 1

Copyright:
Copyright (C) 2011 Gemius

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\netpanel\netpanel.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
5/20/2016 3:00:00 AM

Valid to:
7/20/2019 2:59:59 AM

Subject:
CN=Gemius S.A., O=Gemius S.A., L=Warszawa, S=Mazowieckie, C=PL

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
051EC14F4A0037DD6936254DC8119676

File PE Metadata
Compilation timestamp:
11/21/2016 2:10:13 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:QxHNH51ereINm2gPuvHO7XK5xFRT4fLFgt0gXx3M3qTx9GcUqitY:e514mFu2XcFGLFgqgXx3M3M

Entry address:
0x21D810

Entry point:
E8, AF, 2F, 01, 00, E9, 78, FE, FF, FF, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 00, 01, 00, 00, 72, 0E, 83, 3D, 74, EC, 72, 00, 00, 74, 05, E9, 65, 30, 01, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9, 02, 74, 06, F3, AB, 85, D2, 74, 0A, 88, 07, 83, C7, 01, 83, EA, 01, 75, F6, 8B...
 
[+]

Entropy:
6.4542

Code size:
2.5 MB (2,610,176 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to rev-213.189.48.247.atman.pl  (213.189.48.247:443)

TCP (HTTP SSL):
Connects to rev-213.189.48.207.atman.pl  (213.189.48.207:443)

TCP (HTTP SSL):
Connects to ls5.host.hit.gemius.pl  (137.74.1.69:443)

TCP (HTTP SSL):
Connects to rev-213.189.48.206.atman.pl  (213.189.48.206:443)

TCP (HTTP SSL):
Connects to rev-213.189.48.205.atman.pl  (213.189.48.205:443)

TCP (HTTP SSL):
Connects to rev-213.189.48.244.atman.pl  (213.189.48.244:443)

TCP (HTTP SSL):
Connects to rev-213.189.48.242.atman.pl  (213.189.48.242:443)

TCP (HTTP SSL):
Connects to rev-213.189.48.208.atman.pl  (213.189.48.208:443)

TCP (HTTP SSL):
Connects to ls4.host.hit.gemius.pl  (137.74.1.66:443)

TCP (HTTP SSL):
Connects to rev-213.189.48.245.atman.pl  (213.189.48.245:443)

TCP (HTTP):
Connects to rev-213.189.48.243.atman.pl  (213.189.48.243:80)

TCP (HTTP):
Connects to ls3.host.hit.gemius.pl  (137.74.1.65:80)

TCP (HTTP):

TCP (HTTP SSL):
Connects to host-85.232.230.229.maxpi.pl  (85.232.230.229:443)

TCP (HTTP SSL):
Connects to host-85.232.230.228.maxpi.pl  (85.232.230.228:443)

TCP (HTTP):

Remove netpanel.exe - Powered by Reason Core Security