arablpk.exe

PCfone, Inc.

The executable arablpk.exe (“Arabic Keyboard Setup”) has been detected as malware by 11 of 68 anti-virus scanners. It is a self-extracting archive and installer; however, the file is not signed with an Authenticode signature from a trusted source. The file is infected by an entry-point-obscuring polymorphic file infector (the Sality family, per the detections below) that makes the infected host part of a peer-to-peer botnet and receives URLs of additional files to download. Because the payload is a file infector rather than a stand-alone dropper, any other Win32 executables on a host that has run this file should be treated as suspect as well. The file has been seen being downloaded from www.pcfone.com.
Publisher:
PCfone, Inc.

Description:
Arabic Keyboard Setup

Version:
5.2

MD5:
e40f087e700f68fd68c1100cf0e586c4

SHA-1:
2f8b172d6fb333494b886e0871f800430d5de4ce

SHA-256:
d16aff22cd127b970adca5e1f489cb2b53860d9b3e8c3a38b8539b2bcdeedced

Scanner detections:
11 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
12/28/2024 6:35:10 PM UTC

Scan engine                    Detection                    Engine version
avast!                         Win32:SaliCode               160518-2
AVG                            Win32/Sality                 2015.0.4591
Dr.Web                         Win32.Sector.30              9.0.1.05190
Emsisoft Anti-Malware          Win32.Sality                 16.06.02
ESET NOD32                     Win32/Sality.NBA virus       8.0.319.0
F-Prot                         W32/Sality.gen2              4.6.5.141
F-Secure                       Win32.Sality.3               5.15.96
Kaspersky                      Virus.Win32.Sality           15.0.0.562
McAfee                         Virus.W32/Sality.gen.z       18.0.204.0
Microsoft Security Essentials  Threat.Undefined             1.223.412.0
Norman                         Win32.Sality.3               22.05.2016 23:45:12

File size:
3.8 MB (3,972,865 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\arablpk.exe

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM  (the fixed placeholder value that Borland's linker writes into every image, consistent with the linker version below; not the real build time)

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:IcHM4ynWNPFXbs0knyFpKBxIEpjJE6KvtH+EPSZx0Q6JVb1:xs4HFSKi5pdEptx80Q6nJ

Entry address:
0x97F0

Entry point:
FE, CC, 8A, E3, F7, C7, 9F, 0C, 08, F8, 0F, B6, CB, 3B, DB, 81, FE, A7, D9, 00, 00, 74, 06, 8D, 0D, B0, 01, F7, 02, 52, 56, 81, FD, 31, EA, 00, 00, 78, 0F, 8D, 2D, C4, 57, 67, 70, 0F, B7, E8, 8A, EE, 8B, C5, 39, F9, C6, C5, 53, 0F, C8, E8, 0F, 00, 00, 00, 0F, AF, D7, B6, AF, 76, 02, F6, D2, 81, FB, A4, 3A, 00, 00, 09, DD, BF, 26, 7A, 7C, 3B, 85, C0, 3B, CA, 5F, 8D, 35, 8B, 39, A7, FE, F6, C4, E7, 69, CD, E6, 5B, 8D, 90, C7, C6, 48, FC, E2, FB, 8D, 1D, D7, E7, 00, 00, 81, FB, 46, 9E, 00, 00, 77, 06, 85, D1...

Entropy:
7.9983  (probably packed)

Code size:
36 KB (36,864 bytes)
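As an added example (not code from this report or from Reason Core Security), the script below reproduces the static fields listed above from a file on disk: the three hashes, Shannon entropy with the same "probably packed" verdict, the linker version and PE timestamp, the entry-point RVA, the section it falls in and the first bytes at that address. The 7.9 entropy threshold and the hand-built sample PE are assumptions made for the example; the sample is constructed so the code runs offline and is not arablpk.exe, although it reuses the report's SHA-256 for the match check and the first sixteen bytes of the entry-point dump. The sample's timestamp and linker version (19 June 1992, 2.25) are the fixed values Borland's TLINK32 writes, which is why the report's compilation timestamp predates Win32 and must not be read as a build date.

```python
"""Static triage of a suspected file-infector sample.

Added example, not part of the original report.  Reproduces the fields the
report lists so a responder can confirm a quarantined file is the same sample
before acting on it.  Only REPORT_SHA256 and the entry bytes come from the
report; everything else (threshold, sample PE) is an assumption for the demo.
"""
import hashlib
import math
import struct
import sys
from collections import Counter
from datetime import datetime, timezone

# SHA-256 published in the report above.
REPORT_SHA256 = "d16aff22cd127b970adca5e1f489cb2b53860d9b3e8c3a38b8539b2bcdeedced"
PACKED_THRESHOLD = 7.9   # assumption: the report calls 7.9983 "probably packed"


def shannon_entropy(data: bytes) -> float:
    """Bits per byte in 0.0..8.0; values near 8 indicate packing or encryption."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def file_hashes(data: bytes) -> dict:
    return {h: hashlib.new(h, data).hexdigest() for h in ("md5", "sha1", "sha256")}


def pe_entry_info(data: bytes, nbytes: int = 16) -> dict:
    """Parse the PE32 headers by hand (no pefile dependency) and locate the entry point."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = pe + 4
    nsect = struct.unpack_from("<H", data, coff + 2)[0]
    stamp = struct.unpack_from("<I", data, coff + 4)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    magic, lnk_major, lnk_minor, size_of_code = struct.unpack_from("<HBBI", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 (Win32) images handled")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    info = {
        "timestamp": datetime.fromtimestamp(stamp, timezone.utc).isoformat(),
        "linker": f"{lnk_major}.{lnk_minor}",
        "size_of_code": size_of_code,
        "entry_rva": entry_rva,
        "entry_section": None,
        "entry_bytes": b"",
    }
    for i in range(nsect):
        off = opt + opt_size + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, off + 8)
        if vaddr <= entry_rva < vaddr + max(vsize, rawsize):
            delta = entry_rva - vaddr
            info["entry_section"] = name
            if delta < rawsize:   # entry may point into virtual-only space
                info["entry_bytes"] = data[rawptr + delta:rawptr + delta + nbytes]
            break
    return info


def triage(data: bytes) -> dict:
    report = {"size": len(data), "entropy": round(shannon_entropy(data), 4), **file_hashes(data)}
    report["probably_packed"] = report["entropy"] > PACKED_THRESHOLD
    report["matches_report"] = report["sha256"] == REPORT_SHA256
    report.update(pe_entry_info(data))
    return report


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 (NOT arablpk.exe) so the example runs offline.
    Mimics a Borland-linked binary: linker 2.25 and TimeDateStamp 0x2A425E19,
    the fixed values TLINK32 writes; the entry bytes copy the report's dump."""
    entry_code = bytes.fromhex("FECC8AE3F7C79F0C08F80FB6CB3BDB81")
    dos = (b"MZ" + b"\0" * 58 + struct.pack("<I", 0x80)).ljust(0x80, b"\0")
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0x2A425E19, 0, 0, 224, 0x102)
    opt = struct.pack("<HBBIIIIIIIII", 0x10B, 2, 25, 0x200, 0, 0,
                      0x1010, 0x1000, 0x2000, 0x400000, 0x1000, 0x200)
    opt += struct.pack("<HHHHHHIIIIHHIIIIII", 1, 0, 0, 0, 4, 0, 0, 0x2000, 0x200,
                       0, 2, 0, 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    opt = opt.ljust(224, b"\0")                       # 16 empty data directories
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x200,
                       0, 0, 0, 0, 0x60000020)
    headers = (dos + b"PE\0\0" + coff + opt + sect).ljust(0x200, b"\0")
    text = (b"\x90" * 0x10 + entry_code).ljust(0x200, b"\0")   # entry at RVA 0x1010
    return headers + text


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for k, v in triage(blob).items():
        print(f"{k:16} {v.hex() if isinstance(v, bytes) else v}")
```

Run it with a path argument to triage a real quarantined file; without one it triages the constructed sample. On the real sample matches_report is True by definition and probably_packed is True given the 7.9983 figure above; whole-file entropy that high on a 3.8 MB installer is expected for a self-extracting archive, so the entropy alone does not distinguish the infected file from a clean one and the hash match and the entry-point bytes are the checks that matter.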

The file arablpk.exe has been observed being distributed from the following URL.

Remove arablpk.exe - Powered by Reason Core Security