winnetinit.exe

Window NetHost

LLC

The application winnetinit.exe by LLC has been detected as adware by 2 anti-malware scanners. This file is typically installed with the program Window NetHost by DBL Soft.
Publisher:
DBL Soft (signed by LLC)

Product:
Window NetHost

Version:
2.9.3.2

MD5:
e76cf6173edc56c6d7394b7893b19324

SHA-1:
acdae452f49a0b96ccea6f987952f33ee291d8ea

SHA-256:
9776251e8df6fa570a8bb78b2d7b1b9c9a8addf44c9a83e079a34c0f805c64fb

Scanner detections:
2 / 68

Status:
Adware

Analysis date:
4/25/2024 1:15:59 AM UTC

Scan engine | Detection | Engine version
ESET NOD32 | Win32/Yelloader.A potentially unwanted (variant) | 9.12480
Reason Heuristics | PUP.Amonitize.DBLSoft (M) | 15.10.29.8

File size:
580.6 KB (594,560 bytes)

Product version:
2.9.3.2

Copyright:
Copyright (C) 2015

Original file name:
Window NetHost

File type:
Executable application (Win32 EXE)

Language:
Russian (Russia)

Common path:
C:\Program Files\winnetinit\winnetinit.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
9/30/2015 8:00:00 PM

Valid to:
9/30/2016 7:59:59 PM

Subject:
CN="LLC ""AZ SOFT""", O="LLC ""AZ SOFT""", STREET="Vulytsya Dalnytska, Budynok 23/4, Ofis 310", L=Odesa, S=Odeska, PostalCode=65005, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
3CCA67117AE7C5BE2F99ECBA3ECC9F69

File PE Metadata
Compilation timestamp:
10/28/2015 2:43:47 PM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:9fc0O/bi8Y2TmfFT0M8upjweIe8fviX0RbmCeA9KnAIs:9QG2mfFYqjweXWqkRbx6A

Entry address:
0x39EA8


Entropy:
6.6029

Code size:
438.5 KB (449,024 bytes)

The file winnetinit.exe has been discovered within the following program.

Window NetHost by DBL Soft
About 5% of users remove it
 

The executing file has been seen to make the following network communications in live environments.

