inetinfo.exe

The application inetinfo.exe has been detected as a potentially unwanted program by 40 anti-malware scanners. While running, it connects to the Internet address unknown.prolexic.com on port 80 using the HTTP protocol.
MD5:
dbf7f44a5e52847754021ad82c900e2f

SHA-1:
8111e6c8d746344ef00955834dd9836f2d1f00e2

SHA-256:
4f460e1f09b7c70e60e0960774ecc26d879991c4e60804fdde1a808ec90b7b71

Scanner detections:
40 / 68

Status:
Potentially unwanted

Analysis date:
5/21/2024 10:58:36 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Generic.Brontok.6CDA2F95 | 403 |
| Agnitum Outpost | I-Worm.Brontok.Gen.2 | 7.1.1 |
| AhnLab V3 Security | HEUR/Fakon.mwf | 2014.12.29 |
| Avira AntiVirus | Worm/Rontobro.E | 7.11.198.100 |
| avast! | Win32:Brontok-CE [Wrm] | 2014.9-151229 |
| AVG | I-Worm/Brontok.X | 2016.0.2881 |
| Baidu Antivirus | Trojan.Win32.FakeFolder | 4.0.3.151229 |
| Bitdefender | Generic.Brontok.6CDA2F95 | 1.0.20.1815 |
| Bkav FE | W32.BrontokQ | 1.3.0.6267 |
| Clam AntiVirus | Worm.Brontok.AI | 0.98/21511 |
| Comodo Security | Packed.Win32.Packer.~GEN | 20516 |
| Dr.Web | BackDoor.Generic.1138 | 9.0.1.0363 |
| Emsisoft Anti-Malware | Generic.Brontok.6CDA2F95 | 8.15.12.29.07 |
| ESET NOD32 | Win32/Brontok.BF | 9.10937 |
| Fortinet FortiGate | W32/Brontok.D@mm | 12/29/2015 |
| F-Prot | W32/Brontok.FS@mm | v6.4.7.1.166 |
| F-Secure | Generic.Brontok.6CDA2F95 | 11.2015-29-12_3 |
| G Data | Generic.Brontok.6CDA2F95 | 15.12.24 |
| IKARUS anti.virus | Email-Worm.Win32.Brontok | t3scan.1.8.5.0 |
| K7 AntiVirus | EmailWorm | 13.188.14468 |
| Kaspersky | Email-Worm.Win32.Brontok | 14.0.0.898 |
| Malwarebytes | Trojan.Dropper | v2015.12.29.07 |
| McAfee | W32/Rontokbro.gen@MM | 5600.6537 |
| Microsoft Security Essentials | Worm:Win32/Brontok.AS@mm | 1.11302 |
| MicroWorld eScan | Generic.Brontok.6CDA2F95 | 16.0.0.1089 |
| NANO AntiVirus | Trojan.Win32.Brontok.pxug | 0.30.0.64448 |
| Norman | Rontokbro | 11.20151229 |
| nProtect | Worm/W32.Brontok.45374 | 14.12.26.01 |
| Panda Antivirus | W32/Brontok.GS.worm | 15.12.29.07 |
| Qihoo 360 Security | Win32/Worm.Email-Worm.343 | 1.0.0.1015 |
| Quick Heal | W32.Brontok.Q | 12.15.14.00 |
| Rising Antivirus | PE:Trojan.Win32.Generic.13BC347A!331101306 | 23.00.65.151227 |
| Sophos | W32/Brontok-N | 4.98 |
| SUPERAntiSpyware | Adware.Lop | 9418 |
| Total Defense | Win32/ASuspect.HFAEN!genus | 37.0.11355 |
| Trend Micro House Call | WORM_RONTKBR.GEN | 7.2.363 |
| Trend Micro | WORM_RONTKBR.GEN | 10.465.29 |
| Vba32 AntiVirus | OScope.Trojan.VB.01849 | 3.12.26.3 |
| VIPRE Antivirus | Email-Worm.Win32.Brontok.ik | 36172 |
| ViRobot | I-Worm.Win32.Brontok.45374[h] | 2014.3.20.0 |

File size:
44.3 KB (45,374 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\inetinfo.exe

File PE Metadata
OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.12

CTPH (ssdeep):
768:anA/5XCC23x/yi9fl8+toI3XiS28AvLq+pmpLWNrLET2B3yE8PKv35BMCc:kw5XCCAnM+K6yS2NvLq+pmVWNrS2ByEA

Entry address:
0x30F25

Entry point:
E9, 2A, F2, FC, FF, 0C, 60, 02, 00, 00, 00, 00, 00, 00, 00, 00, 00, FC, 0E, 03, 00, 0C, 60, 02, 00...
 

Packer / compiler:
RLPack FullEdition V1.1X

Code size:
512 Bytes (512 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to unknown.prolexic.com  (72.52.4.121:80)
