internetinstaller.exe

Internet Browser with Mail.Ru services

LLC Mail.Ru

The application internetinstaller.exe by LLC Mail.Ru has been detected as a potentially unwanted program by 2 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. The file has been seen being downloaded from internetmailru.cdnmail.ru and multiple other hosts. While running, it connects to the Internet address mrds.mail.ru on port 80 using the HTTP protocol.
Publisher:
Mail.Ru  (signed by LLC Mail.Ru)

Product:
Internet Browser with Mail.Ru services

Version:
1, 0, 0, 1126

MD5:
1c0b856e9be2b1341f9b47ed81b89c11

SHA-1:
ab6fc099a560d5a10bc05c8e5af651d91bf694d9

SHA-256:
898be418df74ec9fc48449be8bb900798ff6e5c24fba7bd15710641d5e9ec396

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
4/23/2024 5:33:43 AM UTC

Scan engine | Detection | Engine version
Reason Heuristics | PUP.Optional.MailRu.R | 14.4.26.9
Rising Antivirus | PE:Trojan.RuMail!1.6574 | 23.00.65.14424

File size:
25.3 MB (26,517,024 bytes)

Product version:
1, 0, 0, 1126

Copyright:
Copyright 2011

Original file name:
Internet.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
12/9/2011 2:00:00 AM

Valid to:
2/7/2014 1:59:59 AM

Subject:
CN=LLC Mail.Ru, O=LLC Mail.Ru, L=Moscow, S=Moscow, C=RU

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
1C09DBBC732D4B58F7A88EBACF323417

File PE Metadata
Compilation timestamp:
2/7/2013 3:42:29 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
786432:ZViyo83cAEbk9yC900JTcpHNX1wxYUDGc:ZEyoHvC99JToNl9UDGc

Entry address:
0x11A732

Entry point:
E8, FC, BC, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, 83, 3D, 60, 1E, 59, 00, 00, 74, 2D, 55, 8B, EC, 83, EC, 08, 83, E4, F8, DD, 1C, 24, F2, 0F, 2C, 04, 24, C9, C3, 83, 3D, 60, 1E, 59, 00, 00, 74, 11, 83, EC, 04, D9, 3C, 24, 58, 66, 83, E0, 7F, 66, 83, F8, 7F, 74, D3, 55, 8B, EC, 83, EC, 20, 83, E4, F0, D9, C0, D9, 54, 24, 18, DF, 7C, 24, 10, DF, 6C, 24, 10, 8B, 54, 24, 18, 8B, 44, 24, 10, 85, C0, 74, 3C, DE, E9, 85, D2, 79, 1E, D9, 1C, 24, 8B, 0C, 24, 81, F1, 00, 00, 00, 80, 81, C1, FF, FF, FF, 7F, 83...
 

Entropy:
7.9587  (probably packed)

Code size:
1.3 MB (1,331,712 bytes)

The file internetinstaller.exe has been seen being distributed by the following 3 URLs.

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to mrds.mail.ru  (217.69.139.245:80)
