» 1qlhele9nsw==200.exe
Overview
Analysis
File Details
Downloads (1)

1qlhele9nsw==200.exe

The application 1qlhele9nsw==200.exe has been detected as a potentially unwanted program by 14 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, however the file is not signed with an authenticode signature from a trusted source. The file has been seen being downloaded from csdi-dlstatic.clean-navigate.com.

File name:

MD5:

d09f0f71fa02161572eb47088e936458

SHA-1:

b81c41f468e84353e361e2486efa5f6ccf4ab83b

SHA-256:

a2c4af9eabcc0b10084dbadd9fd7699ab1eca68a33a6946fa840879788f84e47

Scanner detections:

14 / 68

Status:

Potentially unwanted

Analysis date:

11/15/2024 10:48:56 PM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

TR/Agent.1753064.75

8.3.2.2

AVG

Generic

2016.0.2945

Dr.Web

Program.Unwanted.711

9.0.1.0298

ESET NOD32

Win32/Agent.RLD (variant)

9.12290

IKARUS anti.virus

Trojan.Win32.Agent

t3scan.1.9.5.0

K7 AntiVirus

Trojan

13.210.17285

Kaspersky

not-a-virus:AdWare.Win32.Agent

14.0.0.1221

Malwarebytes

PUP.Optional.ConvertAd

v2015.10.25.07

McAfee

Artemis!17DC311900F2

5600.6601

NANO AntiVirus

Riskware.Win32.Unwanted.dvtsiu

0.30.24.3283

Panda Antivirus

Generic Suspicious

15.10.25.07

Sophos

Generic PUA NE (PUA)

4.98

Vba32 AntiVirus

suspected of Trojan.Downloader.gen.h

3.12.26.4

VIPRE Antivirus

Adware.Agent

43958

File size:

4.6 MB (4,786,304 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\1qlhele9nsw==200.exe

File PE Metadata

Compilation timestamp:

10/7/2014 5:40:23 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

98304:c1DuvZYwKlh1UsbRDnlvDphBD+oM0mLV7JrFbICwE0gxmbTE9vo:cJuvkh17RDxBbM0yv303n+vo

Entry address:

0x30E2

Entry point:

81, EC, 84, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 90, 91, 40, 00, 89, 5C, 24, 20, C6, 44, 24, 14, 20, FF, 15, 34, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, 1C, 71, 40, 00, 53, FF, 15, 8C, 72, 40, 00, 6A, 09, A3, 78, E4, 42, 00, E8, A8, 2D, 00, 00, A3, C4, E3, 42, 00, 53, 8D, 44, 24, 38, 68, 60, 01, 00, 00, 50, 53, 68, 00, 88, 42, 00, FF, 15, 64, 71, 40, 00, 68, 80, 91, 40, 00, 68, C0, DB, 42, 00, E8, 52, 2A, 00, 00, FF, 15, 20, 71, 40, 00, BD, 00, 40, 43, 00, 50, 55, E8, 40, 2A... 
[+]

Entropy:

7.9973

Packer / compiler:

Nullsoft install system v2.x

Code size:

23.5 KB (24,064 bytes)

The file 1qlhele9nsw==200.exe has been seen being distributed by the following URL.

http://csdi-dlstatic.clean-navigate.com/dl/klt/19/.../MaxDrivrUpdater.exe

Remove 1qlhele9nsw==200.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.