» directx_9.10.11.exe
Overview
Analysis
File Details
Network (1)

directx_9.10.11.exe

IN SITE GROUP LLC

The application directx_9.10.11.exe by IN SITE GROUP has been detected as adware by 7 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer. While running, it connects to the Internet address 85-10-200-21.clients.your-server.de on port 80 using the HTTP protocol.

File name:

directx_9.10.11.exe

Publisher:

IN SITE GROUP LLC (signed and verified)

MD5:

4ce857affde1f6eb63a673813f096ced

SHA-1:

6ff5ee6ed0562e43c0e3a4f5908a7309a2e537a8

SHA-256:

18a81c1f797e88ebad200297baeb72c0754a5dfa73653aa1ee0e8fa547793d60

Scanner detections:

7 / 68

Status:

Adware

Analysis date:

4/25/2024 7:57:02 AM UTC (today)

Scan engine

Detection

Engine version

AhnLab V3 Security

PUP/Win32.Agent

2014.10.17

AVG

Generic

2015.0.3289

Baidu Antivirus

PUA.Win32.Softobase

4.0.3.141116

Dr.Web

Adware.Downware.8427

9.0.1.0320

ESET NOD32

Win32/Softobase

8.10575

McAfee

Artemis!4CE857AFFDE1

5600.6945

Reason Heuristics

PUP.INSITEGROUP.N

14.11.21.23

File size:

152.9 KB (156,552 bytes)

File type:

Executable application (Win32 EXE)

Installer:

Nullsoft Install System

Common path:

C:\users\{user}\downloads\directx_9.10.11.exe

Digital Signature

Signed by:

IN SITE GROUP LLC

Authority:

COMODO CA Limited

Valid from:

12/24/2013 4:00:00 AM

Valid to:

12/25/2014 3:59:59 AM

Subject:

CN=IN SITE GROUP LLC, OU=IT DEPARTMENT, O=IN SITE GROUP LLC, STREET=GAGARINA AVENUE 115, L=DNEPROPETROVSK, S=Outside United States, PostalCode=49000, C=UA

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

55D394430ABD92A2E716421844EC9E5B

File PE Metadata

Compilation timestamp:

2/19/2012 7:01:49 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.22

CTPH (ssdeep):

3072:6X7DItrfaocyTgfsqQOlJOQN3tNuPx+r1tnst4Z5PBTPAD9:6saocyLCOQZtNuPx+vst+5FK

Entry address:

0x4327

Entry point:

55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, 93, 42, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, 94, 42, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, 94, 42, 00, 56, A3, 40, 7B, 42, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8D, 3B, 00, 00, A3, 9C, 7B, 42, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, 94, 42, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7... 
[+]

Code size:

34.5 KB (35,328 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):

Connects to 85-10-200-21.clients.your-server.de (85.10.200.21:80)

Remove directx_9.10.11.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.