home

al-nabatshy.exe

Asper

C Vital

The application al-nabatshy.exe has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The file has been seen being downloaded from files-download-23.com.
Publisher:
C Vital

Product:
Asper

Description:
LeaveLoadLoud

Version:
4, 10, 43, 0

MD5:
19a8e1d77f62862576d97cb85c99ebc2

SHA-1:
6870dad1872947c4676cb6d9137b2d06bc380fd6

SHA-256:
39a3b743f8a030677f21243445db2997f50196dde032e598861d006f124f2b79

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:
11/23/2024 2:55:01 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Adware.Maxiget.CVital.Meta (M)
16.5.24.8

File size:
149.5 KB (153,090 bytes)

Product version:
4, 10, 43, 0

Copyright:
Conical (c)

Trademarks:
TM2-15

Original file name:
lltmoping.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\al-nabatshy.exe

File PE Metadata
Compilation timestamp:
4/24/2015 10:17:54 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:iN6ZekwVJIlgps5q9Eb648qwlS/+TfQO45DDqHGjtPn:pe9IB83ID5/qHGp/

Entry address:
0xA4F5

Entry point:
E8, 81, 3A, 00, 00, E9, 78, FE, FF, FF, 3B, 0D, 2C, 78, 41, 00, 75, 02, F3, C3, E9, 03, 3B, 00, 00, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, 2C, 78, 41, 00, 33, C5, 50, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, C3, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, 2C, 78, 41, 00, 33, C5, 50, 89, 65, F0, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00...
 
[+]

Entropy:
5.6780

Code size:
65.5 KB (67,072 bytes)

The file al-nabatshy.exe has been seen being distributed by the following URL.

https://files-download-23.com/smart-download/.../Al-Nabatshy.exe

Remove al-nabatshy.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.