1qlhele9nsw==200.exe

The application 1qlhele9nsw==200.exe has been detected as a potentially unwanted program by 14 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, however the file is not signed with an authenticode signature from a trusted source. The file has been seen being downloaded from csdi-dlstatic.clean-navigate.com.
MD5:
d09f0f71fa02161572eb47088e936458

SHA-1:
b81c41f468e84353e361e2486efa5f6ccf4ab83b

SHA-256:
a2c4af9eabcc0b10084dbadd9fd7699ab1eca68a33a6946fa840879788f84e47

Scanner detections:
14 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 8:10:52 PM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
TR/Agent.1753064.75
8.3.2.2

AVG
Generic
2016.0.2945

Dr.Web
Program.Unwanted.711
9.0.1.0298

ESET NOD32
Win32/Agent.RLD (variant)
9.12290

IKARUS anti.virus
Trojan.Win32.Agent
t3scan.1.9.5.0

K7 AntiVirus
Trojan
13.210.17285

Kaspersky
not-a-virus:AdWare.Win32.Agent
14.0.0.1221

Malwarebytes
PUP.Optional.ConvertAd
v2015.10.25.07

McAfee
Artemis!17DC311900F2
5600.6601

NANO AntiVirus
Riskware.Win32.Unwanted.dvtsiu
0.30.24.3283

Panda Antivirus
Generic Suspicious
15.10.25.07

Sophos
Generic PUA NE (PUA)
4.98

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
3.12.26.4

VIPRE Antivirus
Adware.Agent
43958

File size:
4.6 MB (4,786,304 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\1qlhele9nsw==200.exe

File PE Metadata
Compilation timestamp:
10/7/2014 5:40:23 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:c1DuvZYwKlh1UsbRDnlvDphBD+oM0mLV7JrFbICwE0gxmbTE9vo:cJuvkh17RDxBbM0yv303n+vo

Entry address:
0x30E2

Entry point:
81, EC, 84, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 90, 91, 40, 00, 89, 5C, 24, 20, C6, 44, 24, 14, 20, FF, 15, 34, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, 1C, 71, 40, 00, 53, FF, 15, 8C, 72, 40, 00, 6A, 09, A3, 78, E4, 42, 00, E8, A8, 2D, 00, 00, A3, C4, E3, 42, 00, 53, 8D, 44, 24, 38, 68, 60, 01, 00, 00, 50, 53, 68, 00, 88, 42, 00, FF, 15, 64, 71, 40, 00, 68, 80, 91, 40, 00, 68, C0, DB, 42, 00, E8, 52, 2A, 00, 00, FF, 15, 20, 71, 40, 00, BD, 00, 40, 43, 00, 50, 55, E8, 40, 2A...
 
[+]

Entropy:
7.9973

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file 1qlhele9nsw==200.exe has been seen being distributed by the following URL.

Remove 1qlhele9nsw==200.exe - Powered by Reason Core Security