inetstat.exe

Astori LLC

The application inetstat.exe by Astori has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘InetStat’.
Publisher:
Astori LLC  (signed and verified)

MD5:
07642f136ede6d54ba2e8b7083275860

SHA-1:
0e9388f78445cf8164bfc806d82c1dd8a9cdaba4

SHA-256:
48c3f25a89d12db4aae9bfd0578c8e4301e697668afa1c7dc58d6ab57980ce62

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
4/26/2024 3:16:19 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
17.2.27.10

File size:
1019.7 KB (1,044,144 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\inetstat\inetstat.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
4/8/2014 1:00:00 AM

Valid to:
4/8/2017 12:59:59 AM

Subject:
CN=Astori LLC, O=Astori LLC, STREET="Skladochnaya st. 1, bld. 13", L=Moscow, S=Moscow, PostalCode=127018, C=RU

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
008630CBC0FAD3185D0B0E0C47F99ECFC2

File PE Metadata
Compilation timestamp:
8/5/2014 7:54:20 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
2.22

Entry address:
0x1280

Entry point:
83, EC, 1C, C7, 04, 24, 01, 00, 00, 00, FF, 15, 08, A5, 44, 00, E8, 6B, FD, FF, FF, 8D, 74, 26, 00, 8D, BC, 27, 00, 00, 00, 00, 83, EC, 1C, C7, 04, 24, 02, 00, 00, 00, FF, 15, 08, A5, 44, 00, E8, 4B, FD, FF, FF, 8D, 74, 26, 00, 8D, BC, 27, 00, 00, 00, 00, A1, 50, A5, 44, 00, FF, E0, 89, F6, 8D, BC, 27, 00, 00, 00, 00, A1, 24, A5, 44, 00, FF, E0, 90, 90, 90, 90, 90, 90, 90, 90, 90, 8B, 0D, AC, 80, 43, 00, 85, C9, 74, 38, 55, 89, E5, 83, EC, 18, C7, 04, 24, 00, 90, 43, 00, E8, 68, 5C, 03, 00, 52, 85, C0, 74...

Code size:
217 KB (222,208 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
InetStat

Command:
C:\users\{user}\appdata\roaming\inetstat\inetstat.exe

