inet32f.exe

The application inet32f.exe has been detected as a potentially unwanted program by 33 anti-malware scanners. This is a malicious Bitcoin miner. Bitcoin-mining malware is designed to force computers to generate Bitcoins for cybercriminals' use and consumes computing power. While running, it connects to the Internet address static.14.31.201.138.clients.your-server.de on port 3333.
MD5:
3afeb8e9af02a33ff71bf2f6751cae3a

SHA-1:
fd358cfe41c7aa3aa9e4cf62f832d8ae6baa8107

SHA-256:
a0eba3fda0d7b22a5d694105ec700df7c7012ddc4ae611c3071ef858e2c69f08

Scanner detections:
33 / 68

Status:
Potentially unwanted

Explanation:
The program mines Bitcoins in the background using the computer's GPU, and may be installed and run without the user's knowledge.

Analysis date:
7/7/2025 12:37:46 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.Generic.11651107 | 859 |
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.BitCoinMiner | 2014.09.24 |
| Avira AntiVirus | TR/Spy.1433600.35 | 7.11.174.2 |
| avast! | Win32:Malware-gen | 2014.9-140929 |
| AVG | Trojan horse Generic36 | 2015.0.3337 |
| Baidu Antivirus | Trojan.Win32.InfoStealer | 4.0.3.14929 |
| Bitdefender | Trojan.Generic.11651107 | 1.0.20.1360 |
| Bkav FE | W32.DropperBatlweB.Trojan | 1.3.0.4959 |
| Comodo Security | UnclassifiedMalware | 19599 |
| Dr.Web | hacktool program Tool.BtcMine.431 | 9.0.1.0272 |
| Emsisoft Anti-Malware | Trojan.Generic.11651107 | 8.14.09.29.01 |
| ESET NOD32 | Win32/BitCoinMiner.BX (variant) | 8.10455 |
| Fortinet FortiGate | Riskware/BitCoinMiner | 9/29/2014 |
| F-Secure | Trojan.Generic.11651107 | 11.2014-29-09_2 |
| G Data | Trojan.Generic.11651107 | 14.9.24 |
| IKARUS anti.virus | Trojan.SuspectCRC | t3scan.1.7.8.0 |
| Kaspersky | Trojan-PSW.Win32.Tepfer | 14.0.0.3180 |
| McAfee | Artemis!3AFEB8E9AF02 | 5600.6993 |
| MicroWorld eScan | Trojan.Generic.11651107 | 15.0.0.816 |
| NANO AntiVirus | Trojan.Win32.BitCoinMiner.ddjqfi | 0.28.2.62286 |
| Norman | Suspicious_Gen5.ATCEO | 11.20140929 |
| nProtect | Trojan.Generic.11651107 | 14.09.23.01 |
| Panda Antivirus | Trj/Chgt.B | 14.09.29.01 |
| Qihoo 360 Security | Win32/Trojan.PSW.174 | 1.0.0.1015 |
| Quick Heal | TrojanPSW.Tepfer.g8 | 9.14.14.00 |
| Rising Antivirus | PE:Trojan.Win32.Generic.1709F750!386529104 | 23.00.65.14927 |
| Sophos | Mal/Generic-L | 4.98 |
| Trend Micro House Call | TROJ_SPNR.32H914 | 7.2.272 |
| Trend Micro | TROJ_SPNR.32H914 | 10.465.29 |
| Vba32 AntiVirus | TrojanPSW.Tepfer | 3.12.26.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 33376 |
| Zillya! Antivirus | Trojan.Tepfer.Win32.75643 | 2.0.0.1930 |

File size:
1.4 MB (1,433,600 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Documents and Settings\{user}\Application data\microsoft\network\inet32f.exe

File PE Metadata
Compilation timestamp:
7/23/2014 2:09:45 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
11.0

CTPH (ssdeep):
24576:gWKqa4hnzP3w7L3rmZmpk7FSQFW2iJ+N07/TwYV1CdZdQ+4lT+iFgiGTtswAtdz:gSrwf3aZmpOFU2iQNIUc1LxGTtswgd

Entry address:
0x24F455

Entry point:
68, 60, 00, DA, 45, E8, 41, 54, 0E, 00, A7, 85, FE, FE, 67, CD, 07, 5D, 5E, 33, 77, 03, B8, 96, 2A, 64, E9, 73, 43, 21, 05, 67, 4F, 13, BC, 14, 89, 3B, 13, 5B, 71, 2B, 52, 52, CB, 47, C6, 76, 78, C3, CD, 53, 27, 29, 48, 29, 47, 4F, 3C, B1, EB, D1, 8F, 8F, 33, 57, 4A, E4, 63, 79, 7B, 67, DB, B3, DC, F4, 75, F9, E3, CA, E0, 51, E7, F7, AD, 7D, 36, EF, 4E, A0, A3, 18, 6A, 48, 0E, 9D, A0, E9, FB, 10, 23, B0, 8D, C4, 1C, 31, D0, 02, 0C, 7E, 13, 1D, 5C, 25, B6, 8B, C8, D4, 79, F5, 31, 85, FC, 3A, F7, 52, BA, B7...

Code size:
637 KB (652,288 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP:
Connects to static.12.31.201.138.clients.your-server.de  (138.201.31.12:3333)

TCP:
Connects to static.14.31.201.138.clients.your-server.de  (138.201.31.14:3333)

TCP:
Connects to static.13.31.201.138.clients.your-server.de  (138.201.31.13:3333)

TCP:
Connects to monero.crypto-pool.fr  (212.129.9.16:3333)

TCP:
Connects to 163-172-38-13.rev.poneytelecom.eu  (163.172.38.13:1111)
