IngatoClient.exe

Ingato Client

Ingato LTD

The executable IngatoClient.exe, described as “This installer database contains the logic and data required to install Ingato Client.”, has been detected as malware by 11 anti-virus scanners. It is a self-extracting archive and installer; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from ingato-client.software.informer.com and multiple other hosts.
Publisher:
Ingato LTD

Product:
Ingato Client

Description:
This installer database contains the logic and data required to install Ingato Client.

Version:
1.92

MD5:
e7feff235f00e0f1a833fe89a2caadfe

SHA-1:
ba9d30fa6b86307de6a912161452e87a3a58747d

SHA-256:
ffb839d5e61ec9706d26231e4cdbf36a4e17dd3d58f449da50aab63b976cf899

Scanner detections:
11 / 68

Status:
Malware

Analysis date:
4/25/2024 2:10:21 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.Generic.12340838 | 775 |
| Bitdefender | Trojan.Generic.12340838 | 1.0.20.1780 |
| Emsisoft Anti-Malware | Trojan.Generic.12340838 | 8.14.12.22.07 |
| F-Secure | Trojan.Generic.12340838 | 11.2014-22-12_2 |
| G Data | Trojan.Generic.12340838 | 14.12.24 |
| McAfee | Artemis!E7FEFF235F00 | 5600.6909 |
| MicroWorld eScan | Trojan.Generic.12340838 | 15.0.0.1068 |
| nProtect | Trojan.Generic.12340838 | 14.12.17.01 |
| Trend Micro House Call | Suspicious_GEN.F47V1128 | 7.2.356 |
| Vba32 AntiVirus | Downloader.Agent | 3.12.26.3 |
| Zillya! Antivirus | Trojan.Agent.Win32.491146 | 2.0.0.2007 |

File size:
10.7 MB (11,201,748 bytes)

Product version:
1.92

Copyright:
Copyright (C) 2014 Ingato LTD

Original file name:
IngatoClient.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

File PE Metadata
Compilation timestamp:
6/17/2014 7:05:48 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
196608:VDQSY8gDQSY843FAgfvISrl6OxwIWw8RLK1B0L8VVJTpNAgtvY8:e6J2gfvISrIOSlDK1GwfpygtQ8

Entry address:
0xC831C

Entry point:
E8, 41, CC, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 53, 56, 8B, F0, 33, DB, 3B, F3, 75, 1E, E8, 5D, 4E, 00, 00, 6A, 16, 5E, 53, 53, 53, 53, 53, 89, 30, E8, C5, D5, FF, FF, 83, C4, 14, 8B, C6, E9, C2, 00, 00, 00, 57, 39, 5D, 0C, 77, 1E, E8, 39, 4E, 00, 00, 6A, 16, 5E, 53, 53, 53, 53, 53, 89, 30, E8, A1, D5, FF, FF, 83, C4, 14, 8B, C6, E9, 9D, 00, 00, 00, 33, C0, 39, 5D, 14, 66, 89, 06, 0F, 95, C0, 40, 39, 45, 0C, 77, 09, E8, 0A, 4E, 00, 00, 6A, 22, EB, CF, 8B, 45, 10, 83, C0, FE, 83, F8, 22, 77...
 

Entropy:
7.5753

Code size:
1020.5 KB (1,044,992 bytes)

The file IngatoClient.exe has been seen being distributed by the following 3 URLs.
