netpanel.exe

Internet Research

Gemius S.A.

The application netpanel.exe, “Internet Research Service” by Gemius S.A has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. While running, it connects to the Internet address ls3.host.hit.gemius.pl on port 443.
Publisher:
Gemius  (signed by Gemius S.A.)

Product:
Internet Research

Description:
Internet Research Service

Version:
2, 49, 0, 1

MD5:
615dcfadc182f1dd575b25e35f94e99c

SHA-1:
95a5da238246ed2fadb8b341fc7a52e5e154a112

SHA-256:
892d79c03006e24d3eba142bd7cca15c12c0a09bf49e5b58139a531cb75f8691

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
11/16/2024 8:52:28 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP (M)
16.11.28.19

File size:
3.4 MB (3,539,640 bytes)

Product version:
2, 49, 0, 1

Copyright:
Copyright (C) 2011 Gemius

File type:
Executable application (Win32 EXE)

Language:
English

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
5/20/2016 2:00:00 AM

Valid to:
7/20/2019 1:59:59 AM

Subject:
CN=Gemius S.A., O=Gemius S.A., L=Warszawa, S=Mazowieckie, C=PL

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
051EC14F4A0037DD6936254DC8119676

File PE Metadata
Compilation timestamp:
11/21/2016 12:10:13 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:2xHNH51ereINm2gPuvHO7XK5xFRT4fLFgt0gXx3M3qTx9GcUqitJ:I514mFu2XcFGLFgqgXx3M3V

Entry address:
0x21D810

Entry point:
E8, AF, 2F, 01, 00, E9, 78, FE, FF, FF, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 00, 01, 00, 00, 72, 0E, 83, 3D, 74, EC, 72, 00, 00, 74, 05, E9, 65, 30, 01, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9, 02, 74, 06, F3, AB, 85, D2, 74, 0A, 88, 07, 83, C7, 01, 83, EA, 01, 75, F6, 8B...
 
[+]

Code size:
2.5 MB (2,610,176 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to rev-213.189.48.205.atman.pl  (213.189.48.205:443)

TCP (HTTP SSL):
Connects to host-85.232.230.226.maxpi.pl  (85.232.230.226:443)

TCP (HTTP SSL):
Connects to rev-213.189.48.207.atman.pl  (213.189.48.207:443)

TCP (HTTP SSL):
Connects to rev-213.189.48.243.atman.pl  (213.189.48.243:443)

TCP (HTTP SSL):
Connects to ls3.host.hit.gemius.pl  (137.74.1.65:443)

TCP (HTTP):
Connects to rev-213.189.48.246.atman.pl  (213.189.48.246:80)

TCP (HTTP SSL):
Connects to rev-213.189.48.245.atman.pl  (213.189.48.245:443)

TCP (HTTP):
Connects to rev-213.189.48.242.atman.pl  (213.189.48.242:80)

TCP (HTTP SSL):
Connects to rev-213.189.48.206.atman.pl  (213.189.48.206:443)

TCP (HTTP SSL):
Connects to ls4.host.hit.gemius.pl  (137.74.1.66:443)

TCP (HTTP SSL):
Connects to ls1.host.hit.gemius.pl  (137.74.1.50:443)

Remove netpanel.exe - Powered by Reason Core Security