home

in.exe

DownloadGuide

The application in.exe has been detected as a potentially unwanted program by 7 anti-malware scanners. The file has been seen being downloaded from www.browser.de.
Product:
DownloadGuide

Version:
1.3.0.0

MD5:
0a5c62448b3967bc9946d48242e83fb0

SHA-1:
0d7625b2f4703ae18b0f3b095741e1ca4c9a7ee9

SHA-256:
f6e8fe199823f4560fa61690367ac774799166e2240620808d46dad775365725

Scanner detections:
7 / 68

Status:
Potentially unwanted

Analysis date:
4/18/2024 1:41:46 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Riskware.Agent
7.1.1

Avira AntiVirus
ADWARE/ShareW.Gen
7.11.144.160

Dr.Web
Trojan.DownLoader9.16196
9.0.1.0115

ESET NOD32
MSIL/DownloadGuide (variant)
8.9704

McAfee
Artemis!0A5C62448B39
5600.7150

Norman
Suspicious_Gen4.GEVIM
11.20140425

VIPRE Antivirus
Immanitas Entertainment GmbH
28474

File size:
435 KB (445,424 bytes)

Product version:
1.3.0.0

Copyright:
Copyright © 2012

Original file name:
in.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\in.exe

File PE Metadata
Compilation timestamp:
8/1/2013 12:36:06 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:LTM739gZLicIj5OrAPfl9d9ELMrZc7SXlar/PflYd9ALMrZcXSx9F:LygAcOAAXjd9ELMu7H/Xud9ALMuXuF

Entry address:
0x450C8

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
5.9328

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
268.5 KB (274,944 bytes)

The file in.exe has been seen being distributed by the following URL.

http://www.browser.de/firefox/.../firefox.exe

Remove in.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.