alnaddy-v2.1.3.0.exe

tal ltd

The application alnaddy-v2.1.3.0.exe by tal ltd has been detected as adware by 2 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from i1.superstoragemy.com and multiple other hosts.
Publisher:
Alnaddy  (signed by tal ltd)

Product:
Alnaddy

Version:
2.1.3.0

MD5:
3573dbb96e4376d91daf38c52ccabe3e

SHA-1:
2b47b9283842201fc28d851adf56597e4d708164

SHA-256:
7699fcef4111b5b860d7ed52e0c0f74344728b1f104283260a318cc8613960b0

Scanner detections:
2 / 68

Status:
Adware

Analysis date:
11/23/2024 10:41:20 PM UTC

Scan engine          Detection          Engine version
AVG                  MalSign.Generic    2015.0.3556
Reason Heuristics    PUP.talltd.N       14.3.13.19

File size:
840.4 KB (860,616 bytes)

Copyright:
Alnaddy © 2014

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\alnaddy-v2.1.3.0.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/25/2013 2:00:00 AM

Valid to:
7/26/2014 1:59:59 AM

Subject:
CN=tal ltd, O=tal ltd, STREET=22-24 Mayor Parvan Toshev str, L=sofia, S=bulgaria, PostalCode=1000, C=BG

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
06D8799B2CB3044B5BEDEE2F7650B86D

File PE Metadata
Compilation timestamp:
7/14/2013 10:09:44 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:bMHV5Mmqlnr8JDe8zAbRuQ1TEi9vygRV/I4cx674FWiO1+7l/eX3NHMVpSDypxb:bMVkr4z4RuE9DP43x/eXY7Xb

Entry address:
0x324D

Entry point:
81, EC, 84, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 89, 5C, 24, 20, C6, 44, 24, 14, 20, FF, 15, 34, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 8C, 72, 40, 00, 6A, 08, A3, 98, 3F, 42, 00, E8, 8B, 2D, 00, 00, A3, E4, 3E, 42, 00, 53, 8D, 44, 24, 38, 68, 60, 01, 00, 00, 50, 53, 68, A0, F4, 41, 00, FF, 15, 64, 71, 40, 00, 68, E4, 91, 40, 00, 68, E0, 36, 42, 00, E8, 35, 2A, 00, 00, FF, 15, B0, 70, 40, 00, BD, 00, 90, 42, 00, 50, 55, E8, 23, 2A...
 

Entropy:
7.9908

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file alnaddy-v2.1.3.0.exe has been seen being distributed by the following 4 URLs.

http://i1.superstoragemy.com/.../alnaddy-v2.1.3.0.exe
