alnaddy_india.exe

tal ltd

The application alnaddy_india.exe by tal ltd has been detected as adware by 4 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from i1.proffiiget.in.
Publisher:
Oneindian  (signed by tal ltd)

Product:
Oneindian

Version:
2.1.3.0

MD5:
b856591d22b6f65096832e5eb01f8b2c

SHA-1:
36c029f76d825666c8883611ea339629787e004c

SHA-256:
3a577051f8e6161e67d358b17ef183df662d6481966e92ab67a0f3e6f2b32bda

Scanner detections:
4 / 68

Status:
Adware

Analysis date:
12/25/2024 1:39:17 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AVG | MalSign.Generic | 2015.0.3507 |
| Malwarebytes | PUP.Optional.UniversalUpdater.A | v2014.04.11.10 |
| Reason Heuristics | PUP.talltd.N | 14.3.13.19 |
| Trend Micro House Call | TROJ_GE.4137C418 | 7.2.101 |

File size:
853.6 KB (874,056 bytes)

Copyright:
Oneindian © 2014

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\addons\alnaddy_india.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
7/24/2013 5:00:00 PM

Valid to:
7/25/2014 4:59:59 PM

Subject:
CN=tal ltd, O=tal ltd, STREET=22-24 Mayor Parvan Toshev str, L=sofia, S=bulgaria, PostalCode=1000, C=BG

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
06D8799B2CB3044B5BEDEE2F7650B86D

File PE Metadata
Compilation timestamp:
7/14/2013 1:09:44 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:DGX+wkoVaVFkV8k5J5RBt17quiTOiOf/cbcEMN4t99dG50uuBhlk/fF/AWd3A:DGOgOkV8S5RBt1zX/cb/A4DD8pAWd3A

Entry address:
0x324D

Entry point:
81, EC, 84, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 89, 5C, 24, 20, C6, 44, 24, 14, 20, FF, 15, 34, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 8C, 72, 40, 00, 6A, 08, A3, 98, 3F, 42, 00, E8, 8B, 2D, 00, 00, A3, E4, 3E, 42, 00, 53, 8D, 44, 24, 38, 68, 60, 01, 00, 00, 50, 53, 68, A0, F4, 41, 00, FF, 15, 64, 71, 40, 00, 68, E4, 91, 40, 00, 68, E0, 36, 42, 00, E8, 35, 2A, 00, 00, FF, 15, B0, 70, 40, 00, BD, 00, 90, 42, 00, 50, 55, E8, 23, 2A...
 

Entropy:
7.9915

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file alnaddy_india.exe has been seen being distributed by the following URL.
