rktyhgydxms.exe

Insta Share

Interesting Solutions

This is part of an adware program designed to inject advertising in the web browser (banners, text-links) as well as modify the normal behavior of the browser as well as modify the computer’s system settings that control applications to run on startup. Part of the Injekt brand of unwanted programs. The application rktyhgydxms.exe, “InstaShare Service” by Interesting Solutions has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat.
Publisher:
Interesting Solutions  (signed and verified)

Product:
Insta Share

Description:
InstaShare Service

Version:
1.0.0.0

MD5:
5707ae1812b37a8faef39947bc296fdb

SHA-1:
97be1a20633621fab91a13f2a80b714fcad25f38

SHA-256:
4799273301f63276b247db57b946614c47924d86fb652c66a0c3e99b41189bb6

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Injects display ads (banner ads), in-text ads, interstitial ads, or other types of ads in the web browser as well as alters the browsers settings (home page, search, DNS, and security protocols).

Analysis date:
12/25/2024 12:27:33 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.Injekt (M)
17.2.26.9

File size:
2.2 MB (2,321,776 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © Interesting Solutions 2014

Original file name:
InstaShareService.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\ProgramData\gkemqmpqk\rktyhgydxms.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
4/2/2014 5:30:00 AM

Valid to:
4/3/2015 5:29:59 AM

Subject:
CN=Interesting Solutions, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Interesting Solutions, L=St. James, S=St. James, C=BB

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7AA52A387DFF197F28163BDDC97B61EA

File PE Metadata
Compilation timestamp:
10/2/2014 5:31:52 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

Entry address:
0x2368CE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
7.9994

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
2.2 MB (2,312,704 bytes)

Remove rktyhgydxms.exe - Powered by Reason Core Security